Skip to main content
Tenable.io Connector

Learn all about integrating Tenable.io into the Vulcan Platform

Updated over 9 months ago

Overview

About Tenable.io

Managed in the cloud and powered by Nessus technology, Tenable.io provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. It’s your complete end-to-end vulnerability management solution.

Why integrate Tenable.io into the Vulcan platform?

The Tenable.io Connector by Vulcan integrates with the Tenable.io platform to pull and ingest host-type assets and vulnerability data into your Vulcan Platform. Once the integration is complete, the Vulcan Platform scans the report's findings to correlate, consolidate, and contextualize the ingested data to impact risk and remediation priority based on your business context.

Tenable.io Connector details

The Vulcan Platform ingests Tenable.io hosts and vulnerabilities through API.

Supported products

Category

Vulnerability Assessment

Ingested asset type(s)

Hosts

Integration type

UNI directional (data is transferred from Tenable.io to the Vulcan Platform in one direction)

Supported version and type

SaaS (latest)

Support Limitations

  • Terminated or deleted assets are not retrieved.

  • Only vulnerabilities seen in the last 30 days are retrieved.

  • Only licensed assets are retrieved.


Connector Setup

Prerequisites and user permissions

Before you begin configuring the connector, make sure to perform the following:

  • Create a Tenable.io user with permissions

  • Generate API Key and Secret Key

Create Tenable.io User and Permissions

  1. Go to Tenable.io > Settings > Access Control > Permissions > +Create Permission

  2. Set the permissions as shown below:

  3. Click Save.

  4. Create additional permission for tags fetching. make sure to select “Can Use” and “All Tags”

  5. Go to Tenable.io > Settings > Access Control > Create User

  6. Fill in the primary user details.

  7. For ROLE, select "Basic User".

  8. Then, enable the API Key option.

  9. For PERMISSIONS, select both of the permission you created earlier for the integration purpose.

  10. Click Save.

  11. Logout.

Generate Tenable.io Client API and Secret Key

  1. Login to Tenable.io using the User you created above.

  2. Go to Settings > My Account > API Keys

  3. Click Generate.

  4. Save the API Access Key and Secret Key somewhere safe.


Configuring the Tenable.io Connector

  1. Log in to your Vulcan Cyber dashboard and go to Connectors.

  2. Click on Add a Connector.

  3. Click on the Tenable.io icon.

  4. Set up the connector as follows:

    • First, insert the Servel URL of your Tenable.io instance.

    • Next, insert the API Access and Secret Keys you generated earlier.

  5. Optional: Check the "Send unsannced assets to Tenable" if relevant.

  6. Optional: If relevant, check the "Pull informational vulnerabilities from Tenable" option. Check this option if you want the Vulcan Platform to retrieve informational vulnerabilities in addition to Critical/High/Medium/Low vulnerabilities.

  7. Click the Test Connectivity button to verify that Vulcan Cyber can connect to your Tenable.io instance, then click Create (or Save Changes).

  8. Inactive Assets: You can configure a Vulcan rule to consider inactive assets, and Vulcan will remove assets that do not appear in scans within the configured time range.

  9. Allow some time for the sync to complete. Then, you can review the sync status under Log.

  10. To confirm the sync is complete, navigate to the Connectors tab to check the sync status. Once the Tenable.io icon shows Connected, the connection is complete.


Tenable.io in the Vulcan Platform

Locating Tenable.io vulnerabilities in the Vulcan Platform

As Tenable.io discovers vulnerabilities, the Vulcan Platform Connector imports those vulnerabilities for reporting and action. You can view vulnerabilities via Connector by using the relevant filter:

  1. Open the Vulcan Platform dashboard and navigate to the Vulnerabilities.

  2. Click on the Search or filter vulnerabilities search box, start typing "Connector" or "Vulnerability source" or scroll to find these options and select one.

  3. Locate Tenable.io on the vulnerability source/Connector list and click to filter results.

  4. Click on any vulnerability to view further information.

Locating Tenable.io Host assets in the Vulcan Platform

To find all retrieved host assets from Tenable.io:

  1. Open the Vulcan Cyber dashboard and navigate to Assets.

  2. Click on the Hosts tab.

  3. Click on the Search or filter websites input box and select Connector from the drop-down selection.

  4. Locate the Tenable.io option to view all synced assets.

Automating actions on vulnerabilities detected by Tenable.io

Large environments quickly become unmanageable if constant manual attention and effort are necessary to remediate vulnerabilities. You can take advantage of the automation capabilities of Vulcan Cyber and the Tenable.io Connector.

Click here to learn how to create automation in the Vulcan Cyber Platform.


From Tenable.io to the Vulcan Platform - Data Mapping

The Vulcan Platform integrates with Tenable.io through API to pull relevant vulnerabilities and assets data and map it into the Vulcan Platform.

Hosts mapping

Tenable.io field

Vulcan field

id

Asset Uniqueness criteria

hostnames / netbios_names / fqdns/ ipv4s

Asset Name

last_authenticated_scan_date

last_licensed_scan_date

Tracking Method

agent_uuid

Asset details

Hosts

Asset type

ipv4s

Asset IP

operating_systems

Asset OS

operating_systems

Asset OS Version

first_seen

Asset Created date

last_seen

Asset Last seen date

fqdns

Asset FQDN

mac_addresses

Asset Multiple mac addresses

tags

Asset Tags - Vendor’s tags

Cloud source

aws_owner_id

azure_resource_id

Asset Tags - Additional

asset id + port.port + port.protocol + unique vulnerability id

Vulnerability instance uniqueness criteria

first_found

Vulnerability instance first seen

last_found

Vulnerability instance Last seen

state

Vulnerability instance status

port.port

Vulnerability instance port

port.protocol

Vulnerability instance protocol

plugin.cpe

Vulnerability instance packages

plugin.id

Unique vulnerability uniqueness criteria

plugin.name

Unique vulnerability title

cvss3_base_score / cvss_base_score

Unique vulnerability score

plugin.description

Unique vulnerability description

first_found, plugin.family, plugin.solution, plugin.id, plugin.vpr.score, plugin.cpe, plugin.cvss3_temporal_vector, plugin.publication_date, plugin.modification_date , plugin.cvss3_temporal_score

Unique vulnerability details

plugin.cpe

Unique vulnerability affected packages

plugin.cvss3_base_score / plugin.cvss_base_score

Unique vulnerability CVSS

plugin.cve

Unique vulnerability CVE/S

plugin.cvss3_vector.raw

Unique vulnerability CVSS attack vector

plugin.name

Solution uniqueness criteria

Tenable fix for plugin.name

Solution title

plugin.solution

Solution description

plugin.see_also

Solution references

Vulnerability status mapping

Tenable.io status

Vulcan status

Vulnerable

Vulnerable

Fixed

Fixed

Vulnerability score mapping

Tenable.io score

Vulcan score

0-10

Based on cvss3_base_score.

0-10

Status update mechanisms

Every day, the Vulcan Platform syncs with the vendor's platform to receive updates on existing vulnerabilities and assets and to retrieve new ones (if any were added).

The table below describes how the status update mechanism works in the Tenable.io connector for the Tenable.io vulnerabilities and assets ingested into the Vulcan Platform.

Update type

Mechanism

Archiving Assets

Assets are ”terminated” / “deleted” if the connector indicates the asset is no longer relevant and can be archived.

Change of vulnerability instances status from "Vulnerable" to "Fixed"

Vulnerability status changes to "fixed" in Vulcan upon the status change to "fixed" on the vendor's side.

Note: Asset or vulnerability updates on the vendor side are reflected on the Vulcan Platform only when the next scheduled connector sync time is complete.


API

API Endpoints in use

API version: 1.0

API

Use in Vulcan

Permissions required

/assets/export

Generate assets report

Basic User

/assets/export/{{uuid}}/status

Check assets report status

Basic User

/assets/export/{{uuid}}/chunks/{{chunk}}

Get assets chunk

Basic User

/vulns/export

Generate vulnerabilities report

Basic User

/vulns/export/{{uuid}}/status

Check vulnerability report status

Basic User

/vulns/export/{{uuid}}/chunks/{{chunk}}

Get vulnerability chunk

Basic User


Data Validation

This document provides a step-by-step guide on validating and comparing data between Vulcan and Tenable.

Matching Assets

Goal: Validate the assets count between Tenable and Vulcan. Tenable’s hosts' count should match the Vulcan hosts' count.

In Tenable:

  1. On the left menu under "Explore," click on "Assets."

  2. Click on the "Hosts" tab and ensure no filter is applied.

In Vulcan:

Got to Assets and filter by connector Tenable.io

Matching Unique Vulnerabilities

Goal: Compare the count of unique vulnerabilities between Tenable and Vulcan. The UNique Vulnerability count in tenable should match the one in Vulcan.

In Tenable:

  1. On the left menu under "Explore," click on "Findings."

  2. Filter only by State: Active, Resurfaced, New.

  3. Group by Plugin (unique vulnerability name in Vulcan).

In Vulcan:

Go to Vulnerabilities and filter by Tenbale connector.

Matching Vulnerability Instances

Goal: Match the vulnerability instances count between Tenable and Vulcan.

In Tenable:

On Tenable's vulnerabilities view, vulnerability instances are counted under the column “Vuln count.”

This count should match the assets count under Vulcan’s unique vulnerabilities.

In Vulcan:

From the Assets view, click on a specific asset. In the vulnerability details, you should see the count of vulnerability instances (findings).

This count should match the vulnerability instances count under the single asset view in Tenable.


Did this answer your question?