Tenable SC (fka Security Center) Connector

TenableSC (formerly Tenable SecurityCenter) is a vulnerability assessment solution that provides insight into the security posture of your distributed and complex IT Infrastructure.

 

Use the TenableSC Connector to import your vulnerability scan information into Cisco Vulnerability Management to assist you in reducing risk across your environment.

 

User Prerequisites/TenableSC Connector Setup

  • Given the on-premise nature of Tenable.sc, you must have the Kenna Virtual Tunnel deployed in the same network as your Tenable scanner to allow Cisco Vulnerability Management to connect with Tenable.sc. The Kenna agent does not currently support TenableSC, but may do so in the future.

  • Must have API access

  • User role must be a “Security Manager” 

  • Note:The TenableSC connector excludes Informational vulnerabilities for performance reasons. When this option is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, Self-Signed Certificates, etc.

    • Please contact your Customer Success Team or Support to enable the import of informational vulnerabilities if you wish. 

Configuring your TenableSC Connector in Cisco Vulnerability Management

Navigate to the Connectors tab in your Cisco Vulnerability Management deployment (you must be a Cisco Vulnerability Management Administrator).

tnb sc.png

 

Once you select the TenableSC icon from the Cisco Vulnerability Management Connectors page, you will see a screen like this:

image1.png
  • Enter a name for the connector

  • Enter the username/password for the Security Manager level account

  • Enter the Host information for your scanner. When entering the host IP and port, there is no need to prefix with https:// as it is not required. 

    • Examples: securitycenter.company.com:443 or 10.0.0.1:443
  • Select the frequency that you want to run your TenableSC Connector

  • Check the box for “Use Kenna Virtual Tunnel”

  • Save and Verify

Note: There are no plans to support 2FA for connector credentials. The Cisco Vulnerability Management platform itself currently supports 2FA using Duo Security.

Note: At this time you can also select an Asset Inactivity Limit for the Connector. You are not required to do so, and if you do not, the Global Asset Inactivity Limit will apply. 

What TenebleSC items are synced with Cisco Vulnerability Management items?

Tenable SC Field

Cisco Vulnerability Management Field

Notes

plugin_details:name

Name

 

plugin_id

Identifier (Vulnerability)

 

Description

Description

seeAlso + related CVE IDs + BugTraq IDs + xrefs

Solution

Solution/Fix

 

patchPubDate

Fix Published Date

 

severity + id

scanner_score

 

Status

Vulnerability Status

Only maps open/closed vulnerabilities. We will autoclose any vulnerability not seen on the next Connector import (by the same connector).

plugin_details

Details / Synopsis

 

Vuln > cve

CVE

 

port

Ports

 

lastSeen

Last Seen

 

firstSeen

Found On

 

N/A

Closed

Date the vuln is no longer reported to Cisco Vulnerability Management. Not mapped to scanner field given "closed" status vulns are not reported to Cisco Vulnerability Management. 

N/A

Created

Date the vuln was first imported to Cisco Vulnerability Management. Not mapped to a scanner field.

os_vendor

OS

 

vulnerability_plugin_id

external_id

 

dnsName

hostname

 

ip

ip_address

 

macAddress

MAC_address

 

netbiosName

netbios

 

Tags
Owner (firstname + lastname)
Name
Groups

Tags

All of these items are converted to tags within Cisco Vulnerability Management.

 

Optional Settings

The following settings can be enabled on the backend for TenableSC Connectors. To get these settings enabled or for more information, please contact Support, or your Customer Success Engineer.

  • Include Informationals

    • Note: TenableSC excludes Informational vulnerabilities for performance reasons. When this option is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, etc.

  • Skip Tags

    • This setting will allow you to NOT create any Tags within Cisco Vulnerability Management based on the TenableSC metadata.

  • Ignore Scanner Last Seen Time

    • If you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

  • Tag Reset

    • This setting will assist in keeping your TenableSC metadata in sync with Cisco Vulnerability Management. Each time the connector is run, ALL tags within Cisco Vulnerability Management will be removed and the TenableSC tag metadata re-created.

    • If you have created any manual tags OR any tags were created off of metadata from other connectors that tag info will be removed and will be refreshed once those other connectors are rerun.

  • Custom Ordered Locators

    • Locators (IP, Netbios, FQDN, etc) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information see the help article here.

Additional Assistance

Please contact Support should you require any additional assistance with the Tenable SC Connector.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.