Table of Contents
Overview
About Tenable.sc
The Tenable.sc platform provides a comprehensive and integrated view of your enterprise security posture to identify, investigate and prioritize vulnerabilities. Tenable.sc is managed on-premises and powered by Nessus technology, providing visibility into your dynamic attack surface so you can manage and measure your cyber risk.
Why Integrating Tenable.sc into the Vulcan platform?
The Tenable.sc connector by Vulcan integrates with Tenable.sc to pull and ingest Host type assets and vulnerabilities into thr Vulcan Platform. Once the integration is complete, the Vulcan Platform correlates, consolidates, and contextualizes the ingested data to impact risk and remediation priority. Read more here.
Connector details
Category: Vulnerability Assessment
Ingested asset type: Hosts
Prerequisites and User Permissions
Supported version: Tenable.sc v5.13 and above
Tenable.sc API User with the following access: Create a user with an Executive Role at minimum. Higher permission roles might be required depending on the asset groups and data level you wish to access. You can review the list of Tenable.sc roles and their access level here:
https://docs.tenable.com/tenablesc/Content/UserRoles.htm
API access and secret keys for the user you created. Follow the instructions at:
https://docs.tenable.com/tenablesc/Content/GenerateAPIKey.htm
API Endpoints in Use
/rest/currentUser
/rest/analysis
/rest/asset?fields=id,name,ownerGroup,tags,ipCount,groups
/rest/asset/ ?fields=id,viewableIPs
Note: The /rest/analysis
API is used to fetch the connections between an Asset and a Vulnerabilities (and the Vulnerabilities data itself), using patched
and cumulative
to fetch Fixed
and Vulnerable
data (respectively), giving the following time filter:
"filters": [{"filterName": "lastSeen", "operator": "=", "value": f"0:{DAYS-AGO}"}
Configure the Tenable.sc Connector
Log in to your Vulcan Cyber dashboard and go to Connectors.
Click on Add a Connector.
Click on the TenableSc icon.
Enter the following information into the connector setup page:
Server URL: Enter the URL (including port number) of your SecurityCenter Installation.
API Access and Secret Keys as retrieved above.
Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Tenable.sc instance, then click Create (or Save Changes).
Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.
Allow some time for the sync to complete. You can review the sync status under Log.
To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Tenable.sc icon shows Connected, the connection is complete.
From Tenable.sc to the Vulcan Platform - Fields Mapping
Hosts mapping
Tenable.sc Field | Vulcan Field |
UUID Repository ID Host name IP | Asset Uniqueness criteria |
Host - DNS Name/IP | Asset Name |
OS CPE (version) Repository ID Repository name Agent UUID Groups | Asset Details |
Hosts | Asset type |
IP | IP |
OS | OS |
OS CPE | OS Version |
First seen date | Created Date |
Asset tags | Asset tags |
Port | Vulnerability instance uniqueness criteria |
First seen | Vulnerability instance first seen |
PluginID | Unique vulnerability uniqueness criteria |
Plugin name | Vulnerability title |
Description | Vulnerability Description |
PluginID Family Ports Protocols VPR | Vulnerability details |
CVE | CVE/S |
Fix from tenable.sc | Fix title |
Solution | Fix Description |
Output (plugin text) | Asset - Vulnerability instance connection (info tooltip) |
Vulnerability Status Mapping
Tenable.sc Status | Vulcan Status |
/rest/analysis/cumulative | Vulnerable |
/rest/analysis/patched | Fixed |
when acceptRisk =1 | Ignored - Risk Acknowledged |
Vulnerability Score Mapping
Tenable.sc Score | Vulcan Score |
Critical | 10 |
High | 7 |
Medium | 5 |
Low | 3 |
Info | 0 |
Fallback: cvss/cvss3 base score
Locate Tenable.sc vulnerabilities in the Vulcan Platform
As Tenable.sc discovers vulnerabilities, the Vulcan Platform connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:
In the Vulcan Platform, navigate to Vulnerabilities > Unique Vulnerabilities.
Click on the "Search or filter vulnerabilities" search box and select the Vulnerability Source option.
Locate Tenable.sc on the vulnerability source/Connector list and click to filter results.
Click on a vulnerability on the results list for more information on the vulnerability.
Locate Tenable.sc assets in the Vulcan Platform
To locate all Tenable.sc ingested hosts:
In the Vulcan Platform, navigate to Assets > Hosts.
Click on the "Search or filter hosts" input box and select the Connector option.
Locate the Tenable.sc option to view all synced assets
Click on an asset on the results list for more information on the asset.
Automate remediation actions on vulnerabilities detected by Tenable.sc
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Tenable.sc connector.
Click here to learn how to create automation in the Vulcan Cyber Platform.