Indicators of Exposure (IoEs) in Tenable Identity Exposure

Tenable Product Education
27 Mar 202303:55

Summary

TLDRTenable AD is a security tool that assesses the maturity of your Active Directory with indicators of exposure (IOEs), categorizing them by severity levels. Users can view and search IOEs, filter by domain, and access detailed views including executive summaries, related documents, and known vulnerabilities. The platform also offers recommendations for remediation and allows for querying, filtering, and managing deviant objects, including the ability to ignore or export them as a CSV file.

Takeaways

  • 🔍 Tenable AD uses Indicators of Exposure (IOEs) to measure security maturity in Active Directory environments.
  • 📊 IOEs are assigned severity levels based on the flow of events monitored and analyzed by Tenable AD.
  • 🔑 To access IOEs, sign into Tenable AD, expand the panel, and click on 'Indicators of Exposure'.
  • 📋 The default view shows configuration items in your environment that are potential exposure items, rated by severity.
  • 🔄 Clicking the toggle can show all available indicators in your Tenable AD instance.
  • 🏠 Items without a domain indicate that you do not have exposure to them.
  • 🔎 You can search for indicators by typing a keyword, such as 'password', to see related indicators.
  • 🔎 Clicking on an indicator provides a detailed view including an executive summary, related documents, and known attacker tools.
  • 🔍 The 'Vulnerability Details' tab offers additional information about the checks done for an IOE.
  • 📋 The 'Deviant Objects' tab lists objects and reasons triggering the exposure, with expandable details.
  • 🔍 Users can create queries using Boolean expressions or by building a query through the filter icon.
  • 🗓️ Queries can be set with specific start and end dates, domains, and can include ignored items.
  • 🚫 Objects can be ignored by selecting them and choosing 'Ignore Selected Objects', with a specified date until which they are ignored.
  • 📈 The 'Recommendations' tab provides remediation advice for each indicator.

Q & A

  • What is the primary purpose of Tenable AD's indicators of exposure?

    -The primary purpose of Tenable AD's indicators of exposure is to measure the security maturity of your Active Directory and assign severity levels to the flow of events that it monitors and analyzes.

  • How can you access the indicators of exposure in Tenable AD?

    -You can access the indicators of exposure by signing into Tenable AD, clicking the icon on the top left to expand the panel, and then clicking 'Indicators of Exposure' on the left side.

  • What are the default view settings for indicators of exposure in Tenable AD?

    -The default view shows configuration items in your environment that are potential exposure items, rated by severity as critical, high, medium, and low.

  • How can you see all the indicators of exposure in Tenable AD?

    -You can see all the indicators by clicking the toggle to the right of 'Show All Indicators'.

  • What does it mean when an item shows 'no domain' in Tenable AD?

    -An item showing 'no domain' indicates that you do not have exposure to that item in your environment.

  • How can you view indicators for specific domains in Tenable AD?

    -You can view indicators for specific domains by clicking on the 'Domain' dropdown to the right of 'Show All Indicators' and selecting the desired domains.

  • How can you search for specific indicators in Tenable AD?

    -You can search for specific indicators by clicking 'Search an Indicator' and typing a keyword such as 'password' to see all related indicators.

  • What information is provided in the detailed view of an indicator in Tenable AD?

    -The detailed view provides an executive summary of the exposure, lists documents related to it, known attacker tools that can exploit the item, and impacted domains.

  • How can you access additional information about the checks done for an indicator in Tenable AD?

    -You can access additional information by clicking the 'Vulnerability Details' tab in the detailed view of an indicator.

  • What is the purpose of the 'Deviant Objects' tab in Tenable AD?

    -The 'Deviant Objects' tab shows a list of objects and reasons that are triggering the exposure, allowing you to understand what is causing the deviance.

  • How can you create a query in Tenable AD to filter indicators?

    -You can create a query by typing an expression and entering a Boolean query for an item, or by clicking the filter icon to the left to build a query.

  • What actions can you perform on deviant objects in Tenable AD?

    -You can ignore objects by selecting them and choosing 'Ignore Selected Objects', and you can stop ignoring them using the 'Stop Ignoring Selected Objects' option.

  • How can you export the list of all deviant objects for an indicator in Tenable AD?

    -You can export the list as a CSV file by clicking the 'Export All' button.

  • Where can you find recommendations for remediation in Tenable AD?

    -You can find recommendations for remediation by clicking the 'Recommendations' tab in the detailed view of an indicator.

Outlines

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Mindmap

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Keywords

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Highlights

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now

Transcripts

plate

This section is available to paid users only. Please upgrade to access this part.

Upgrade Now
Rate This

5.0 / 5 (0 votes)

Related Tags
Tenable ADSecurity MaturitySeverity LevelsEvent MonitoringExposure IndicatorsConfiguration ItemsVulnerability ChecksDeviant ObjectsRemediation TipsSecurity AnalysisRisk Management