Tenable SC (formerly Security Center) Connector

TenableSC (formerly Tenable SecurityCenter) is a vulnerability assessment solution that provides insight into the security posture of your distributed and complex IT Infrastructure.

Use the TenableSC Connector to import your vulnerability scan information into Cisco Vulnerability Management to assist you in reducing risk across your environment.

Prerequisites

  • Given the on-premise nature of Tenable.sc, you must have the Virtual Tunnel deployed in the same network as your Tenable scanner to allow Cisco Vulnerability Management to connect with TenableSC. The Agent does not currently support TenableSC, but might do so in the future.

  • You must have API access.

  • The user role must be a “Security Manager”.

  • Note: The TenableSC connector excludes Informational vulnerabilities for performance reasons. When the Include Informationals option (see Optional Settings) is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, and Self-Signed Certificates.

Contact your Customer Success Team or Cisco Support to enable the import of informational vulnerabilities if you wish. 

Configuring your TenableSC Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Vulnerability Management section, click tenable.sc.


4. On the Tenable SecurityCenter page, enter the following information:

  • Name: Enter a name for the connector, or leave it as Tenable Security Center.
  • Username and Password: Enter the credentials for the Security Manager level account.
  • Host: Enter the Host information for your scanner. When entering the host IP and port, you don't need to prefix it with https://. For example: securitycenter.company.com:443 or 10.0.0.1:443
  • Schedule: Select the frequency that you’d like your Connector to run.
  • Use Virtual Tunnel: Select this option.
  • Asset Inactivity Limit: Optionally, enter a time in days for the connector level asset inactivity limit. You are not required to do so, and if you do not, the Global Asset Inactivity Limit will apply.

5. Click Save and Verify.

Note: There are no plans to support 2FA for connector credentials. Cisco Vulnerability Management supports 2FA using Duo Security.
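A pre-flight check for the Host field described in step 4, as an added example that is not part of the original article or of Cisco's or Tenable's code. The function name `check_host_field` is hypothetical, and treating the port as mandatory is an assumption based on the two examples given above.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
SCHEME = re.compile(r"[A-Za-z][A-Za-z0-9+.-]*://")


def check_host_field(value):
    """Return (normalized "host:port" or None, list of problems found)."""
    problems = []
    v = value.strip()
    m = SCHEME.match(v)
    if m:  # the field takes host:port only, without https://
        problems.append("scheme prefix removed: " + m.group(0))
        v = v[m.end():]
    if "/" in v:  # a pasted URL often carries a trailing path
        problems.append("path removed")
        v = v.split("/", 1)[0]
    if "@" in v:  # user:pass@host would put credentials in the wrong field
        problems.append("userinfo removed; use the Username/Password fields")
        v = v.rsplit("@", 1)[1]
    if v.count(":") > 1:
        return None, problems + ["IPv6 literals are not handled by this check"]
    host, _, port = v.partition(":")
    if not port:
        # Assumption: a port is required, as in both examples on the page.
        return None, problems + ["no port given, expected host:port"]
    if not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
        return None, problems + ["port out of range: " + port]
    if re.fullmatch(r"[0-9.]+", host):
        # All-numeric names must be real IPv4 addresses (catches 10.0.0.256).
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            return None, problems + ["invalid IPv4 address: " + host]
    elif len(host) > 253 or not all(LABEL.fullmatch(p) for p in host.split(".")):
        return None, problems + ["invalid hostname: " + host]
    return host + ":" + port, problems


if __name__ == "__main__":
    # Constructed inputs; the first two are the page's own examples.
    for sample in ["securitycenter.company.com:443", "10.0.0.1:443",
                   "https://10.0.0.1:443/", "10.0.0.256:443",
                   "securitycenter.company.com"]:
        print(sample, "->", check_host_field(sample))
```

A value that comes back with a non-empty problem list but a normalized result can be pasted into the form in its normalized form; a `None` result needs correcting before you click Save and Verify.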

What TenableSC items are synchronized with Cisco Vulnerability Management items?

| Tenable SC Field | Cisco Vulnerability Management Field | Notes |
|---|---|---|
| plugin_details:name | Name | |
| plugin_id | Identifier (Vulnerability) | |
| Description | Description | seeAlso + related CVE IDs + BugTraq IDs + xrefs |
| Solution | Solution/Fix | |
| patchPubDate | Fix Published Date | |
| severity + id | scanner_score | |
| Status | Vulnerability Status | Only maps open/closed vulnerabilities. We will autoclose any vulnerability not seen on the next Connector import (by the same connector). |
| plugin_details | Details / Synopsis | |
| Vuln > cve | CVE | |
| port | Ports | |
| lastSeen | Last Seen | |
| firstSeen | Found On | |
| N/A | Closed | Date the vulnerability is no longer reported to Cisco Vulnerability Management. Not mapped to scanner field given "closed" status vulns are not reported to Cisco Vulnerability Management. |
| N/A | Created | Date the vulnerability was first imported to Cisco Vulnerability Management. Not mapped to a scanner field. |
| os_vendor | OS | |
| vulnerability_plugin_id | external_id | |
| dnsName | hostname | |
| ip | ip_address | |
| macAddress | MAC_address | |
| netbiosName | netbios | |
| Tags, Owner (firstname + lastname), Name, Groups | Tags | All of these items are converted to tags within Cisco Vulnerability Management. |

Optional Settings

The following settings can be enabled on the backend for TenableSC Connectors. To get these settings enabled or for more information, contact Cisco Support, or your Customer Success Engineer.

Include Informationals

Note: The TenableSC connector excludes Informational vulnerabilities for performance reasons. When this option is enabled, non-CVE vulnerabilities will be imported. This includes X509 Cert expirations, TLS out-of-date (TLS 1.0, 1.1), Open Port Re-checks, Firewall Rule Enumeration, etc.

Skip Tags

This setting enables you to not create any Tags in Cisco Vulnerability Management based on the TenableSC scanner metadata.

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Tag Reset

This setting assists you with keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

If you have created any manual tags or any tags were created from metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.

Custom Ordered Locators

Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

Additional Assistance

Contact Support if you require any additional assistance with the Tenable SC Connector.
