Back to onboarding indexTenable One onboarding portal
A unified approach to exposure management
We’re excited for you to get started with Tenable One onboarding. Use this onboarding page to familiarize yourself with critical processes and resources to get up to speed and stay informed on the latest product updates and releases.
Achieving onboarding success
By the end of your Tenable One onboarding you should be able to:
See all assets and vulnerabilities
predict
and prioritize
effectively communicate cyber risk
Getting started
Tenable One basics
Leverage these key resources and events to hit the ground running and stay informed of the latest product updates and releases.
Tenable One education & services
Need help getting started? Our Professional Services team is here to help with services, training and education to help you get up and running and make the most of Tenable One.
Things to consider before deploying Tenable One
Tags: Tagging is a critical component of Tenable One. The way you tag your data is how you ultimately visualize that data in your Exposure Cards. Exposure Cards can include one or more tags. Therefore, the tags you create dictate the custom exposure cards you can create.
Onboarding order: Onboarding order will vary by your needs and priorities. Below is our suggested order.
- Tenable Vulnerability Management
- Tenable Security Center
- Tenable Web App Scanning
- Tenable Identity Exposure
- Tenable Attack Surface Management
- Tenable Cloud Security
- Tenable OT Security
- Asset Inventory
- Lumin Exposure View
- Tenable Attack Path Analysis
Onboarding products
The more Tenable applications you use the more comprehensive your data and cyber risk insight! Set up additional Tenable applications now to gain complete visibility across your attack surface.
As part of Tenable One, you have access to the following applications. Select an application to view onboarding details.
Tenable Vulnerability Management
Tenable Vulnerability Management sets the foundation for Tenable One. You get:
- Individuazione e valutazione continue con sensori sempre attivi
- Built in threat intelligence
- Assegnazione automatica delle priorità alle vulnerabilità
- Fully documented API and pre-build integrations
For full onboarding steps visit the Tenable Vulnerability Management onboarding page.
- 1 Set up tags
- 2 Get comprehensive scan data
- 3 Scan frequently
- 4 Review the Asset Criticality Rating of your most critical assets
Set up tags
Tags are a critical component of Tenable One. The tags you create will determine the analysis that you can perform. When setting up tags consider how you want to visualize your assets. For example, tagging assets by geography, business unit and asset type allows for analysis on each of those groupings. All tags created in Tenable Vulnerability Management will automatically sync to Tenable One. This is how you will analyze data in Custom Exposure Cards within Tenable One.
Get comprehensive scan data
The more assets and asset types you scan, the more comprehensive your risk insight will be. We encourage you to also set up Tenable Identity Exposure, Tenable Cloud Security and Tenable Web App Scanning in your environment.
Scan frequently
We recommend you Scan frequently. The more you scan, the more often your data refreshes in Tenable One, making the data being presented more relevant.
Review the Asset Criticality Rating of your most critical assets
Most organizations know about their critical assets (ACR = 10). From there, work backwards to identify the next most important assets and validate/adjust their ACR as necessary (Note: Tenable will score only up to an ACR of 8, it is up to the customer to assign a 9 or 10 if an asset warrants that.)
- Review your assets in Asset Inventory once a Tenable Vulnerability Management scan has run. Here you will see a comprehensive inventory of your assets, including assets you may have otherwise overlooked.
- In Lumin Exposure View review your Exposure Cards. You can then create a custom exposure card based on business context. Each card allows you to customize your CES Target, Trending view, SLA timeframe and SLA efficiency.
- If an identity scan has successfully run, review Attack Path Analysis. This allows you to review findings and select a critical asset and query Blast Radius or Asset Exposure Graph. Note, the Attack Path Analysis feature is only available with Tenable One Enterprise Edition & will be covered in more depth later in this document.
Tenable Security Center
Tenable Security Center provides deployment flexibility for vulnerability management data within Tenable One (hybrid, on-prem or in the cloud). You get:
- Individuazione e valutazione continue con sensori sempre attivi
- Built in threat intelligence
- Assegnazione automatica delle priorità alle vulnerabilità
- Fully documented API and pre-build integrations
For full onboarding steps visit the Tenable Security Center onboarding page.
- 1 Install and configure scans
- 2 Set up tags
- 3 Scan frequently
- 4 Review the Asset Criticality Rating of your most critical assets
Install and configure scans
Get started by installing Tenable Security Center and doing a quick setup, covering licenses, scanners, and user accounts. Set up email settings, define scan areas, and configure basic security options. Then, run scans using provided templates, ensuring smooth operations. Confirm accessibility and configure additional features as needed. Create dashboards, reports, and search for vulnerabilities by ID.
Set up tags
Tags are a critical component of Tenable One. The tags you create will determine the analysis that you can perform. When setting up tags consider how you want to visualize your assets. For example, tagging assets by geography, business unit and asset type allows for analysis on each of those groupings. All tags created in Tenable Security Center will automatically sync to Tenable One. This is how you will analyze data in Custom Exposure Cards within Tenable One.
Scan frequently
The more assets and asset types you scan, the more comprehensive your risk insight will be. We encourage you to also set up Tenable Identity Exposure, Tenable Cloud Security and Tenable Web App Scanning in your environment. We recommend you Scan frequently. The more you scan, the more often your data refreshes in Tenable One, making the data being presented more relevant.
Review the Asset Criticality Rating of your most critical assets
Most organizations know about their critical assets (ACR = 10). From there, work backwards to identify the next most important assets and validate/adjust their ACR as necessary (Note: Tenable will score only up to an ACR of 8, it is up to the customer to assign a 9 or 10 if an asset warrants that).
Use Tenable One for accurate assessment of your Cyber Exposure risk and compare your health and remediation performance with peers.
- You must configure your Tenable Lumin Exposure View application specifically for use with Tenable Security Center. Then you can set the synchronization of Tenable Security Center to send limited data to Tenable Vulnerability Management for analysis in Tenable One.
- Tenable Security Center communicates with Tenable Vulnerability Management using an encrypted connection, as described in Encryption Strength. When you send data to Tenable Vulnerability Management, the system does not remove the data from your Tenable Security Center. You can continue normal operation of Tenable Security Center.
- After you configure Tenable Security Center data synchronization to Tenable One in Tenable Vulnerability Management, you can view information about your Tenable One metrics. You can view your Cyber Exposure Score, Assessment Maturity grade, and Remediation Maturity grade as well as Asset Criticality Rating and Asset Exposure Score.
- In Lumin Exposure View, review your Exposure Cards. You can then create a custom exposure card based on business context. Each card allows you to customize your CES Target, Trending view, SLA timeframe and SLA efficiency.
- In Asset Inventory, review your assets to understand the strategic nature of the interface as compared to other cloud products. This should help set your expectations on what features to use within Asset Inventory, and when.
Tenable Web App Scanning
Tenable Web App Scanning incorporates critical web application data and vulnerabilities into your vulnerability management program so you can:
- Identify and address gaps in coverage that may go unnoticed in a siloed, multi-product environment
- Find vulnerabilities in all web applications, whether they get a full penetration test or not
- Scan a running application in any stage, whether in production or an earlier environment
- Take advantage of a fully documented API and pre-built integrations
For full onboarding steps visit the Tenable Web App Scanning onboarding page.
- 1 Set goals
- 2 Determine scanning frequency
- 3 Understand your Web Application estate
Set goals
Once you deploy Tenable Web App Scanning create some quick scans to get a high level assessment to establish your baseline. Then consider setting some goals, for example:
- Is there a remediation timeline for critical vulnerabilities?
- What are your most critical web applications? Pay particular attention to publicly facing web applications.
- What qualifies as acceptable for your organization?
Determine scanning frequency
More frequent scans ensure up to date data.
Understand your Web Application estate
Using previously run scans, find where potential web applications exist.
- Review your web applications and identify those that require remediation, particularly those that are publicly available on the internet.
- Review the web application Exposure Card in Lumin Exposure View. Here you can:
- Set customized targets
- Set SLAs based on company policy
- Set SLA efficiency targets
- Create a custom Exposure Card based on business context such as
- Web application owner
- Asset criticality
- Application
- Internal or external web applications
- Ecommerce/supporting assets
Analytics check
Now is a good time to stop and investigate the data already in your platform. This helps you get a picture of what Tenable One is capable of doing so you can make more strategic decisions.
- Review your most critical vulnerabilities on your most critical assets using the VPR and ACR data. Take action to remediate if warranted.
- Think of how your remediation processes may need to be amended to take advantage of the information provided by Tenable Vulnerability Management, Tenable Identity Exposure and Tenable Web App Scanning.
- Review assets in Asset Inventory to understand the strategic nature of the Tenable One platform versus point products.
Tenable OT Security
Tenable OT Security with Tenable One offers a unified platform that enhances visibility and accelerates threat response across IT, IoT, and OT environments. This powerful combination supports real-time monitoring, leverages advanced threat intelligence for quicker responses and helps you prioritize and manage vulnerabilities effectively. Extensive API integrations ensure seamless operations, optimizing your security posture and operational resilience.
For full onboarding steps, visit the Tenable OT Security onboarding page.
Tenable suggests you complete the following milestones to ensure your success before proceeding with your Tenable One deployment process:
- 1 Asset Inventory
- 2 Review Exposure Card
- Review your OT assets to understand the strategic nature of the interface compared to other cloud products. This should help you set expectations on what features to use within Asset Inventory and when.
- Create a new dynamic tag for your OT assets, where:
Operator = Host System Type
Value = PLC
- Review the Operational Technology exposure card.
- Configure the exposure view settings to set customized card targets and to configure your Remediation SLA and SLA Efficiency based on your company policy.
- Create a custom exposure card based on business context, and include the new tag you created in Tenable Inventory.
- Unified cyber exposure strategy:
- Integrate Tenable OT Security with Tenable One to view Cyber Exposure risks comprehensively. This unified approach enhances cross-platform vulnerability identification and security management across IT, OT, and IoT environments.
- Real-time data synchronization:
- Synchronize OT data in real-time into Tenable One to maintain an up-to-date security posture. Continuous data flow provides immediate insights into OT threats and vulnerabilities, enabling prompt risk management
- Targeted remediation strategies:
- Utilize Tenable One's exposure analytics to prioritize remediation based on critical asset risk levels. This strategic focus ensures effective resource allocation to address the most significant threats to OT/IT networks.
- Custom exposure dashboards:
- Create customized exposure dashboards in Tenable One that display tailored security metrics for OT, IT, and IoT. These dashboards offer strategic insights that help optimize security operations and compliance.
- Enhanced asset visibility and control:
- Gain detailed insights into the security posture of assets through Tenable One's Asset Inventory. Initiate strategic asset protection planning across OT infrastructures, enhancing visibility and control over complex OT environments.
- Proactive security planning with Attack Path Analysis (APA):
- Tenable One’s Attack Path Analysis for OT enterprise environments preemptively identifies and mitigates vulnerabilities. This proactive approach allows for the simulation of attack scenarios relevant to OT, pinpointing potential exploits and enabling targeted defense strategies to protect critical OT assets and maintain operational continuity.
Tenable Cloud Security
After completing Tenable Attack Surface Management onboarding, we suggest setting up Tenable Cloud Security.
Get started by visiting the Tenable Cloud Security onboarding page and following the onboarding steps and best practices.
Tenable Cloud Security enables you to:
- Quickly connect cloud accounts and discover every cloud resource from Kubernetes clusters to virtual machines across multi-cloud environments
- Maintain an accurate, up to date inventory of your cloud assets
- Use agentless scanning to assess cloud security posture across infrastructure, workloads, data, identities and applications
- Enforce and report on regulatory compliance and best practice frameworks
- Govern privileged identities and effectively minimize the risk they impose on your organization by revealing unused identities, and identities with excessive or risky privileges
- Prioritize and remediate misconfigurations, risky entitlements and vulnerabilities by taking proactive mitigation steps facilitated through integration with ticketing, CI/CD pipelines, and infrastructure as code (IaC) workflows
- 1 Discover
- 2 Assess and Prioritize
- 2 Remediate and Achieve Compliance
Discover
Gather an Inventory of your cloud accounts and cloud resources across cloud service providers
Assess and Prioritize
Identify common cloud risks across your multi-cloud infrastructure including resource misconfigurations (e.g., Open S3 buckets, exposed databases, unrestricted ingress to administrative ports), risky privileges and vulnerabilities (e.g. malware, known exploits, CVEs). Prioritize based on true risk using identity and access insights.
Remediate and Achieve Compliance
Streamline remediation with resource ownership mapping and guided workflows. Maintain adherence to industry benchmarks and standards (e.g., CIS, SOC-2, PCI, NIST, HIPAA)
Tenable Cloud Security consolidates efforts to reduce cyber risk across your entire attack surface – without adding vendors or complexity. By integrating Tenable Cloud Security CNAPP into your Exposure Management solution you get visibility across on premises, hybrid and multi-cloud environments. This visibility allows you to focus on preventing likely attacks that can result from a toxic combination of vulnerabilities, misconfigurations and excess permissions.
Realize the Value of your Data
Once you deploy and configure all of the Tenable One point products you can use Asset Inventory, Lumin Exposure View and Attack Path Analysis to pull in data from the point products and get the most value out of that data.
Tenable Identity Exposure
Once you’ve completed Tenable Vulnerability Management onboarding, we recommend setting up Tenable Identity Exposure.
Get started by visiting the Tenable Identity Exposure onboarding page and following the onboarding steps and best practices.
Tenable Identity Exposure enables you to:
- Collapse enterprise siloes and unify all identities across Active Directory, hybrid and Entra ID to reveal your identity reality.
- Catch every change in Active Directory and gain control of identities dispersed between directory services, domains, and forests in one place.
- Evaluate all your identities and use identity risk scoring to discover where your riskiest identities reside.
- Continuously strengthen your security posture by assessing Active Directory and Entra ID against with hundreds of indicators of exposure
- Surface the longstanding configuration and permission issues that make identities a central part of most attacks.
- 1 Review and Secure Tenable Identity Exposure Administrators
- 2 Connect Identity Exposure and Tenable One
- 2 Address AD Exposures
Review and Secure Tenable Identity Exposure Administrators
Review and Secure Native Admins and continuously monitor and alert on net new users added.
Connect Identity Exposure and Tenable One
Follow the steps below to connect the two products in the Tenable One console and view the new Exposure Cards.
Address AD Exposures
Address common misconfigurations — i.e. Privileged Accounts with SPN attributes, Dangerous Delegations, DCSync rights and ensuring the MSOL ID is adequately secured through use of Group Managed Service Accounts, disabling and removing over-provisioned service accounts and user accounts that may be considered 'sleepy' to effectively reduce their attack surface.
Key Steps to Connect Tenable Identity Exposure and Tenable One
- Preparation and Planning
- Review Release Notes to understand new features and important changes.
- Select the appropriate architecture for deployment (on-premises).
- Check pre-deployment requirements, including resource planning.
- Install or Upgrade Tenable Identity Exposure
- Install or Upgrade Tenable Identity Exposure
- Install Secure Relay (mandatory form on–premises version 3,59 and SaaS) to forward data to Tenable Identity Exposure
- Post-deployment and Maintenance:
- Restart Services and perform Post-deployment Tasks.
- Use Logs for Troubleshooting any issues.
- Review Licensing and ensure compliance.
- Begin using Tenable Identity Exposure as described in the documentation.
- Configure Tenable Identity Exposure to Forward Data To Tenable One
- Log into Tenable one
- Click request on Tenable Identity Exposure Tile
- Generate and upload license file to Tenable One
- Configure Forests
Once connected, review these key capabilities:
- In Lumin Exposure View
- Review the Identity Exposure Card so you can set customized targets for analysis and remediation.
- Configure the exposure view settings to set a customized card target and configure remediation SLA and SLA efficiency based on company policy.
- Create a Custom Exposure Card for AD resources based on Business Context.
- Review AD assets in Asset Inventory. This will help identify AD assets and take appropriate actions to remediate
- For Tenable One Enterprise Customers Only
- Once your Identity scan completes, review the findings in Attack Path Analysis. Select a critical AD asset and generate a Blast Radius or Asset Exposure Graph query so you can visualize an attack path and understand how assets can create a path into and through your environment that may have previously been hidden.
Asset Inventory
Once you’ve completed onboarding point products, we recommend setting up Asset Inventory.
Asset Inventory is a critical aspect of Tenable One. In Asset Inventory you’re able to:
- View and manage all your assets in one location, regardless of their source.
- Get insight into assets you might otherwise have been unaware of, and identify your most critical assets.
- Quickly see which assets are new or updated in the last week.
- Use the Tag Overview page to quickly identify the total number of tags within Tenable One.
- Make sure you have properly tagged your assets. This will be particularly helpful in identifying assets that are subject to regulatory requirements such as PCI, GDPR, HIPAA etc.
- Review the assets that you were not aware of. They may be more likely to require remediation since they probably did not show up on previous scans.
- Make note of new assets within the last 7 days, and assets that have been recently updated. Use this information to ensure new assets are properly protected and have received necessary updates.
- Make note of the Asset Exposure Scores on your most critical assets and take appropriate action to remediate.
Lumin Exposure View
Once you’re up to speed on Asset Inventory it’s time to take a look at Lumin Exposure View.
Lumin Exposure View helps you understand your overall security posture as defined by your business context, asset criticality, and the effectiveness of your remediation efforts. Lumin Exposure View allows you to:
- Quickly quantify your overall enterprise risk exposure and identify which areas need further investigation.
- Measure and prioritize risk exposure progress or regression.
- Easily communicate important risk information to teams.
- Understand your Cyber Exposure Score to assess your overall risk. View changes over time and identify which categories to prioritize.
- Create custom exposure cards to track and report exposure metrics based on specific business contexts. Setting up extensive tags in Asset Inventory based on important criteria (ex. geographies, business units, asset types) will speed up the process.
- Configure Exposure Card settings to set your sparkline time span, benchmark industry, card targets, and more.
- Understand how effective your program is via the Remediation Maturity metric.
- Customize SLAs for each tag in your Exposure Cards as SLAs can vary depending on the environment, regulations, etc.
Tenable Attack Surface Management
*Tenable Attack Surface Management is only available within Tenable One Enterprise.
After your analytics check, we recommend onboarding Tenable Attack Surface Management.
Get started by visiting the Tenable Attack Surface Management onboarding page and following the onboarding steps and best practices.
Tenable.asm continuously maps the entire internet and discovers connections to your internet-facing assets (from web servers and name servers to IoT devices and network printers) so that you can:
- Understand your attack surface with visibility into all of your internet connected assets, services and applications.
- Gain insight into your entire attack surface in minutes, with minimal configuration so you can assess your security posture.
- Continuously monitor changes in your attack surface. Get notifications when changes take place.
- Configure Tenable Attack Surface Management with as many of your primary domains as possible. Let this “run” for a week or so, the product will ingest and scrape the internet to pull in relevant external data.
- Go through your suggested domains and add them to your inventory if they are relevant for your organization. This ensures all relevant, external data is within the platform.
Tenable Attack Path Analysis
*Tenable Attack Path Analysis is only available within Tenable One Enterprise.
Get started by visiting the Tenable Attack Path Analysis onboarding page and following the onboarding steps and best practices.
- Anticipate and prioritize your most critical attack paths within your environment as attackers see them.
- Automatically correlate your exposures, identity, access and permissions, business critical assets and tie those relationships together for an up to date view of your environment.
- See what techniques you are most susceptible to using the MITRE ATT&CK framework.
- Explore the relationships within your environment using visualizations and relationship mappings to apply choke points.
- Review your Findings to determine the most critical attack paths and determine your next course of action.
- Explore and get specific contextual data when you explore the different nodes within an attack path visualization.
- Under ATT&CK, see where you are most at risk against the MITRE ATT&CK framework.