In this article you will find:

  1. Pre-requisite

  2. How to configure Tenable.sc connector in Vulcan platform

  3. How to pull assets and vulnerabilities from Tenable.sc into Vulcan platform

  4. How to automate remediation actions with Tenable.sc

1. Pre-requisite

Supported version: 5.13.0

Required Role: Security Manager

2. Configure Tenable.sc Connector

In the Connectors page, click on Add a Connector.

Click on the Tenable.sc connector.

Fill all relevant fields:

Server URL - URL of your Tenable.sc account

API Key - The key used to communicate with the Tenable.sc API.
API keys are per account. Create them with the Vulcan user (as defined in the pre-requisite).

Secret Key - The secret key used to communicate with the Tenable.sc API.
The secret key is generated along with the API key.

If you encounter issues generating API keys, follow the Tenable.sc guide.

Click on Create - And you're all set up!

  • You can see the connector's progress in the Log tab

3. Fetch assets and vulnerabilities from Tenable.sc

Under Assets --> Hosts, new assets from your Tenable.sc account will be added to Vulcan.

In Sources, you can see which product identified the asset.
In addition, you have full visibility of the vulnerabilities found on each specific asset and other important details about the asset (OS, last scan, tags and more).

Click on an asset to view its Asset Card.

All the vulnerabilities found by Tenable.sc will be displayed under the Vulnerabilities tab.

All the relevant data from Tenable.sc is pulled and can be viewed under the Details tab.

4. Automating Remediation Actions on Tenable.sc

With Vulcan, you can automate remediation actions on specific assets.
Navigate to the Automation page, click on Create new Playbook.
Name your playbook. For example: “Remediate Tenable”
Add a description to your Playbook (optional)
Choose your Playbook’s trigger (Vulnerabilities to fix)

  • Vulnerability from a source – The connector from which we pull assets. For example: Vulnerabilities from source Tenable.sc.

  • Vulnerability where – The rule that decides which vulnerabilities the playbook applies to. For example: Vulnerability where CVSS Score is greater than 7.

  • On assets where – The asset property that decides which assets the automation applies to. For example: On assets where OS is Windows.

  • In this example, the playbook fixes any vulnerability with a CVSS score higher than 7 that was found on assets running Windows and was discovered by the Tenable.sc connector.

Notes:

  • The /rest/analysis API is used to fetch the connections between an asset and its vulnerabilities (and the vulnerability data itself). It uses patched and cumulative to fetch Fixed and Vulnerable data (respectively), with the following time filter:

"filters": [{"filterName": "lastSeen", "operator": "=", "value": f"0:{DAYS-AGO}"}]
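The two queries described in the note, sketched as an added example (this is not Vulcan's connector code). Only the lastSeen filter comes from this article; the other body keys (type, sourceType, query, tool), the vulndetails value, and all helper names are assumptions about the shape of a Tenable.sc analysis request.

```python
import json
import time

# Per the article: cumulative returns Vulnerable data, patched returns Fixed data.
SOURCE_STATUS = {"cumulative": "Vulnerable", "patched": "Fixed"}

def last_seen_filter(days_ago):
    """The article's time filter: last seen between 0 and `days_ago` days ago."""
    if isinstance(days_ago, bool) or not isinstance(days_ago, int) or days_ago < 1:
        raise ValueError("days_ago must be a positive integer")
    return {"filterName": "lastSeen", "operator": "=", "value": f"0:{days_ago}"}

def analysis_body(source, days_ago):
    """JSON body for POST /rest/analysis against one source.

    Assumption: every key except "filters" is not taken from the article.
    """
    if source not in SOURCE_STATUS:
        raise ValueError(f"unknown source: {source!r}")
    return {
        "type": "vuln",
        "sourceType": source,
        "query": {
            "type": "vuln",
            "tool": "vulndetails",
            "filters": [last_seen_filter(days_ago)],
        },
    }

def plan_requests(days_ago):
    """One (status, body) pair per source, Vulnerable first, then Fixed."""
    return [(SOURCE_STATUS[s], analysis_body(s, days_ago))
            for s in ("cumulative", "patched")]

def in_window(last_seen_epoch, days_ago, now=None):
    """Approximate client-side check that a finding falls inside 0:days_ago."""
    now = time.time() if now is None else now
    age_days = (now - last_seen_epoch) / 86400
    return 0 <= age_days <= days_ago

if __name__ == "__main__":
    for status, body in plan_requests(30):  # 30 is a constructed sample value
        print(status, json.dumps(body))
```

A finding whose lastSeen is older than the window matches neither query, so `in_window` is a quick way to explain why a host known to Tenable.sc has no corresponding data from these two requests.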
