TenableSC (formerly Tenable SecurityCenter) is a vulnerability assessment solution that provides insight into the security posture of your distributed and complex IT Infrastructure.
Use the TenableSC Connector to import your vulnerability scan information into Cisco Vulnerability Management to assist you in reducing risk across your environment.
User Prerequisites/TenableSC Connector Setup
- Given the on-premises nature of Tenable.sc, you must have the Kenna Virtual Tunnel deployed in the same network as your Tenable scanner to allow Cisco Vulnerability Management to connect with Tenable.sc. The Kenna agent does not currently support TenableSC, but may do so in the future.
- Must have API access
- User role must be a “Security Manager”
- Note: The TenableSC connector excludes Informational vulnerabilities for performance reasons. When their import is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, Self-Signed Certificates, etc.
  - Please contact your Customer Success Team or Support to enable the import of informational vulnerabilities if you wish.
Configuring your TenableSC Connector in Cisco Vulnerability Management
Navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator).
Once you select the TenableSC icon from the Cisco Vulnerability Management Connectors page, complete the connector configuration screen:
- Enter a name for the connector
- Enter the username/password for the Security Manager level account
- Enter the Host information for your scanner. Enter the host name or IP and the port without the https:// prefix; it is not required.
  - Examples: securitycenter.company.com:443 or 10.0.0.1:443
- Select the frequency that you want to run your TenableSC Connector
- Check the box for “Use Kenna Virtual Tunnel”
- Save and Verify
Note: There are no plans to support 2FA for connector credentials. The Cisco Vulnerability Management platform itself currently supports 2FA using Duo Security.
Note: At this time you can also select an Asset Inactivity Limit for the Connector. You are not required to do so, and if you do not, the Global Asset Inactivity Limit will apply.
What TenableSC items are synced with Cisco Vulnerability Management items?
| TenableSC field | Cisco Vulnerability Management field | Notes |
|---|---|---|
| plugin_details:name | Name | |
| plugin_id | Identifier (Vulnerability) | |
| Description | Description | seeAlso + related CVE IDs + BugTraq IDs + xrefs |
| Solution | Solution/Fix | |
| patchPubDate | Fix Published Date | |
| severity + id | scanner_score | |
| Status | Vulnerability Status | Only maps open/closed vulnerabilities. We will autoclose any vulnerability not seen on the next Connector import (by the same connector). |
| plugin_details | Details / Synopsis | |
| Vuln > cve | CVE | |
| port | Ports | |
| lastSeen | Last Seen | |
| firstSeen | Found On | |
| N/A | Closed | Date the vuln is no longer reported to Cisco Vulnerability Management. Not mapped to scanner field given "closed" status vulns are not reported to Cisco Vulnerability Management. |
| N/A | Created | Date the vuln was first imported to Cisco Vulnerability Management. Not mapped to a scanner field. |
| os_vendor | OS | |
| vulnerability_plugin_id | external_id | |
| dnsName | hostname | |
| ip | ip_address | |
| macAddress | MAC_address | |
| netbiosName | netbios | |
| Tags | Tags | All of these items are converted to tags within Cisco Vulnerability Management. |
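The Status row and the informational-vulnerability note describe two rules that decide what is open after each run. The sketch below is an added example, not Cisco or Tenable code: it models both rules over two constructed imports so you can reason about why a finding is missing or closed. The record shape, the (ip, plugin id) identity key and the treatment of severity id 0 as Informational are assumptions.

```python
# Added illustration of this page's import rules; not Cisco or Tenable code.

# Scanner field -> Cisco Vulnerability Management field (subset of the mapping table).
FIELD_MAP = {
    "vulnerability_plugin_id": "external_id",
    "ip": "ip_address",
    "dnsName": "hostname",
    "port": "Ports",
    "firstSeen": "Found On",
    "lastSeen": "Last Seen",
}
INFO_SEVERITY_ID = 0  # assumption: severity id 0 marks an Informational finding

def run_import(state, connector, findings, include_informationals=False):
    """Apply one connector run to `state`; return the keys that were autoclosed."""
    seen = set()
    for f in findings:
        if int(f["severity"]["id"]) == INFO_SEVERITY_ID and not include_informationals:
            continue  # default: informationals are not imported
        record = {dst: f.get(src) for src, dst in FIELD_MAP.items()}
        record.update(connector=connector, status="open")
        key = (record["ip_address"], record["external_id"])  # assumed identity key
        state[key] = record
        seen.add(key)
    # Autoclose: open vulns owned by this same connector that this run did not report.
    closed = [k for k, r in state.items()
              if r["connector"] == connector and r["status"] == "open" and k not in seen]
    for k in closed:
        state[k]["status"] = "closed"
    return closed

def sample_finding(ip, plugin_id, severity_id):
    """Constructed scanner record; the values are made up for the demonstration."""
    return {"vulnerability_plugin_id": plugin_id, "ip": ip, "dnsName": "host-a.example",
            "port": "443", "firstSeen": "1700000000", "lastSeen": "1700000000",
            "severity": {"id": str(severity_id)}}

def demo():
    """Run 1 reports plugins 10001, 10002 and 10003 (Info); run 2 reports only 10001."""
    state = {("10.0.0.9", "10001"): {"connector": "other", "status": "open"}}
    run_import(state, "tenablesc", [sample_finding("10.0.0.1", p, s)
                                    for p, s in (("10001", 3), ("10002", 2), ("10003", 0))])
    closed = run_import(state, "tenablesc", [sample_finding("10.0.0.1", "10001", 3)])
    return state, closed

if __name__ == "__main__":
    final_state, autoclosed = demo()
    print("autoclosed:", autoclosed)
```

In the model, a run that covers fewer hosts or plugins than the previous one closes everything it did not report for that connector, while records owned by another connector are left alone.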
Optional Settings
The following settings can be enabled on the backend for TenableSC Connectors. To get these settings enabled or for more information, please contact Support, or your Customer Success Engineer.
- Include Informationals
  - Note: TenableSC excludes Informational vulnerabilities for performance reasons. When this option is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, etc.
- Skip Tags
  - This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the TenableSC metadata.
- Ignore Scanner Last Seen Time
  - Enable this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.
- Tag Reset
  - This setting will assist in keeping your TenableSC metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management will be removed and the TenableSC tag metadata re-created.
  - If you have created any manual tags, or any tags were created from metadata from other connectors, that tag info will be removed and will be refreshed once those other connectors are rerun.
- Custom Ordered Locators
  - Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.
Additional Assistance
Please contact Support should you require any additional assistance with the Tenable SC Connector.