Tenable data integration
A description of how the Tenable data integration for Vantage works.
Assets
This integration sends assets information stored in Vantage to a TenableIO instance.
The asset information that follows is sent to TenableIO:
ip
mac_address
os
name
type
(mapped to TenableIO system type: router, embedded, and general-purpose)cpe
(having a likelihood greater or equal to 0.7)
The source value, which can be used to filter assets on TenableIO, used to import the assets on TenableIO is 'External Source - ' concatenated with the description specified when creating the integration.
Vulnerabilities
The Tenable integration sends asset vulnerabilities stored in Vantage to a TenableIO instance when Enable sending Asset Vulnerabilities is selected. Vulnerabilities are sent if they match the following requirements:
- They refer to an asset having an internet protocol (IP) address
- They have a likelihood value greater than, or equal to 0.7
- They are unresolved
- The Common Vulnerabilities and Exposures (CVE) identifier must be accepted by at least one of the TenableIO Plugins
- There is a match between the
Asset vendor
andMatching cpes
fields with the Tenable Pluginxref
andcpe
fields. In the case of the Common Platform Enumeration (CPE), only the vendor information is used. If multiple plugins match, Vantage sends them all. The accuracy value submitted in thePlugin Output
is 90%. - There is a match between the
Asset vendor
orMatching cpes
fields with the Tenable Pluginxref
orcpe
fields. In the case of the CPE, only the vendor information is used. If multiple plugins match, Vantage sends those that match CPEs. If they do not match by CPEs, Vantage uses the vendor information instead. If there are several that match, Vantage sends all the matching plugins. For example, Vantage sends only those that match CPEs, or those that match the vendor, but not both. The accuracy value submitted in thePlugin Output
is 60%. - There is no match between the
Asset vendor
orMatching cpes
fields with the Tenable Pluginxref
orcpe
fields. In the case of the CPE, only the vendor information is used. None are sent, unless only one plugin is available. The accuracy value submitted in thePlugin Output
is 5%.
The vulnerabilities information that follows is sent to TenableIO:
cve
time
The output value of the TenableIO Plugin is set to Imported from
,
concatenated with the source value, and the accuracy value - as defined in the Vulnerabilities section above.
Edit configuration
It is possible to edit an existing integration configuration.
You can edit these fields:
- Access Key
- Secret Key
- Asset query
- Scan name
Once you have updated the fields, you can select Update.