In this article you will find:
- How to configure the Tenable.io connector in the Vulcan platform
- How to pull assets and vulnerabilities from Tenable.io into the Vulcan platform
- How to automate remediation actions with Tenable.io
Vulcan's Tenable.io connector requires a dedicated user with the Administrator role (Settings --> Users --> New User)
Note: The user info shown in this manual is for example purposes only. You can fill in your own user info or choose an existing user with the proper permissions.
Grant Vulcan user permissions to Target Groups (Scans --> Target Groups --> Select Target Group)
Grant Vulcan user permissions to Asset Groups (Scans --> Agents --> Agent Groups --> Select Asset Groups --> Permissions)
2. Configure Tenable.io Connector
In the Connectors page, click on Add a Connector.
Click on the Tenable.io connector
Fill all relevant fields:
Server URL - URL of your Tenable.io account
For example: https://cloud.tenable.com
API Key - Key used to communicate with the Tenable.io API
API keys are per account - Create them with the Vulcan user (as defined in pre-requisite)
Secret Key - Key used to communicate with the Tenable.io API
Secret key is generated along with the API key.
Go to My Account --> API Keys --> Generate keys.
Note that API keys are only presented upon initial generation, so it's important to store them in a safe location, as they cannot be retrieved and will need to be regenerated if lost.
We highly recommend logging in to your Tenable account with the credentials you've provided.
Click on Create
- You can see the connector's progress in the Log tab
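A pre-flight check you can run before pasting the keys into the connector form, added here as an example (it is not part of Vulcan's or Tenable's own tooling). It confirms that the key pair authenticates and that the user behind it holds the Administrator role. Assumptions: the environment variable names are hypothetical, and the `X-ApiKeys` header, the `GET /session` endpoint and the permission value 64 for Administrator are taken from Tenable.io's public API documentation, where the page's "API Key" is called the access key.

```python
import json
import os
import urllib.request

ADMIN_PERMISSION = 64  # assumed Tenable.io permission value for Administrator

# Constructed sample of a /session response, for offline inspection only.
SAMPLE_SESSION = {"username": "vulcan-connector@example.com", "permissions": 64}


def build_headers(access_key: str, secret_key: str) -> dict:
    """Build the X-ApiKeys header used for key-based authentication."""
    if not access_key or not secret_key:
        raise ValueError("both the API (access) key and the secret key are required")
    return {
        "X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
        "Accept": "application/json",
    }


def check_session(session: dict) -> list:
    """Return the problems found in a /session response (empty list = OK)."""
    problems = []
    perms = session.get("permissions")
    if perms != ADMIN_PERMISSION:
        problems.append(f"user is not an Administrator (permissions={perms})")
    return problems


def fetch_session(server_url: str, headers: dict) -> dict:
    """Call GET /session; urllib raises HTTPError (e.g. 401) for bad keys."""
    if not server_url.lower().startswith("https://"):
        raise ValueError("refusing to send API keys over a non-HTTPS URL")
    req = urllib.request.Request(server_url.rstrip("/") + "/session", headers=headers)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Read keys from the environment so they are not hardcoded in the script.
    hdrs = build_headers(os.environ["TENABLE_ACCESS_KEY"],
                         os.environ["TENABLE_SECRET_KEY"])
    url = os.environ.get("TENABLE_URL", "https://cloud.tenable.com")
    info = fetch_session(url, hdrs)
    issues = check_session(info)
    if issues:
        print("FAIL: " + "; ".join(issues))
    else:
        print(f"OK: keys are valid for {info.get('username')}")
```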
3. Fetch assets and vulnerabilities from Tenable.io
In Assets --> Hosts, new assets from your Tenable.io account will be added to Vulcan
You can view in Sources the product that identified the asset
In addition, you have full visibility of vulnerabilities found on each specific asset and other important details about the asset (OS, last scan, tags and more)
Tags are created based on the Agent Groups a host is associated with and related Tags as defined in Tenable.io.
Click on an asset to view its Asset Card.
All the vulnerabilities found by Tenable.io will be displayed under the Vulnerabilities tab
All the relevant data from Tenable.io is pulled and can be viewed under the Details tab.
4. Automating Remediation Actions on Tenable.io
With Vulcan, you can automate remediation actions on specific assets.
Navigate to the Automation page, click on Create new Playbook.
Name your playbook. For example: “Remediate Tenable”
Add a description to your Playbook (optional)
Choose your Playbook’s trigger (Vulnerabilities to fix)
- Vulnerability from a source – The connector from which we pull assets. For example: Vulnerabilities from source Tenable.
- Vulnerability where – The rule by which the playbook is attached. For example: Vulnerability where CVSS Score is greater than 7.
- On assets where – The asset property you wish to automate on. For example: On assets where OS is Windows.
- In this example, the vulnerability that will be fixed is any vulnerability with a CVSS score higher than 7 that was found on assets with Windows OS and was discovered by the Tenable connector.
Choose an action at Remediation actions to automate the process.
For example: Open ServiceNow ticket and assign it to the relevant team.