Tenable data integration

A description of how the Tenable data integration for Vantage works.

Assets

This integration sends assets information stored in Vantage to a TenableIO instance.

Note: Only assets that have a confirmed media access control (MAC) address are taken into consideration.

The asset information that follows is sent to TenableIO:

  • ip
  • mac_address
  • os
  • name
  • type (mapped to TenableIO system type: router, embedded, and general-purpose)
  • cpe (having a likelihood greater or equal to 0.7)

The source value, which can be used to filter assets on TenableIO, used to import the assets on TenableIO is 'External Source - ' concatenated with the description specified when creating the integration.

Vulnerabilities

The Tenable integration sends asset vulnerabilities stored in Vantage to a TenableIO instance when Enable sending Asset Vulnerabilities is selected. Vulnerabilities are sent if they match the following requirements:

  • They refer to an asset having an internet protocol (IP) address
  • They have a likelihood value greater than, or equal to 0.7
  • They are unresolved
  • The Common Vulnerabilities and Exposures (CVE) identifier must be accepted by at least one of the TenableIO Plugins
  • There is a match between the Asset vendor and Matching cpes fields with the Tenable Plugin xref and cpe fields. In the case of the Common Platform Enumeration (CPE), only the vendor information is used. If multiple plugins match, Vantage sends them all. The accuracy value submitted in the Plugin Output is 90%.
  • There is a match between the Asset vendor or Matching cpes fields with the Tenable Plugin xref or cpe fields. In the case of the CPE, only the vendor information is used. If multiple plugins match, Vantage sends those that match CPEs. If they do not match by CPEs, Vantage uses the vendor information instead. If there are several that match, Vantage sends all the matching plugins. For example, Vantage sends only those that match CPEs, or those that match the vendor, but not both. The accuracy value submitted in the Plugin Output is 60%.
  • There is no match between the Asset vendor or Matching cpes fields with the Tenable Plugin xref or cpe fields. In the case of the CPE, only the vendor information is used. None are sent, unless only one plugin is available. The accuracy value submitted in the Plugin Output is 5%.

The vulnerabilities information that follows is sent to TenableIO:

  • cve
  • time

The output value of the TenableIO Plugin is set to Imported from, concatenated with the source value, and the accuracy value - as defined in the Vulnerabilities section above.

Edit configuration

It is possible to edit an existing integration configuration.

You can edit these fields:

  • Access Key
  • Secret Key
  • Asset query
  • Scan name
Figure 1. Edit configuration fields
Edit configuration fields

Once you have updated the fields, you can select Update.

Figure 2. Update integrations
Update integrations