Get a risk-based view of your entire attack surface so you can quickly identify, investigate and prioritize vulnerabilities.
Managed in the cloud and powered by Nessus technology, Tenable.io provides comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. It’s a complete end-to-end vulnerability management solution.
For information on the differences between the Tenable.io and Nessus API Importer connectors, please see the Nessus API Importer vs Tenable.io Connector Comparison Chart.
If you have been using the Nessus API Importer connector, it is recommended to delete those Nessus API Importer connectors after running the new Tenable.io connector. The two Tenable connectors collect very similar data via 2 different approaches. It is best to minimize duplicate data collection that might confuse your end-users of the data.
Platform support:
The Kenna Tenable.io connector supports the following Tenable interface only:
- API interface to Tenable.io’s cumulative database
For other supported Tenable integrations, see the following:
User prerequisites/Tenable.io setup:
- API User must have Tenable Administrator role access to use this connector (per Tenable’s requirements) in order to access their cumulative database.
- If the API user does not have Administrator role, you will see “403 Forbidden” errors when you attempt to run the connector.
-
The Kenna connector will import only the assets which the Administrator service account has view permissions for. A targeted scope or the full environment can be imported, but either way the account must have its asset permissions explicitly defined in the Access Control tile in Tenable.IO. The user account needs the “Can View” permission, and all objects which are to be imported into Kenna need to be selected, whether it be “All Assets” or a certain tag or group of tags.
Configuring Your Tenable Connector in Kenna
Once you select the Tenable.io icon from the Kenna Connectors page, you will see a screen like this:
- Enter a Name for the connector.
- Enter your Tenable.io API Access Key and Secret Key.
- Set the Host location for the Tenable.io instance. This is typically cloud.tenable.com:443.
- Select the frequency that you want to run your Kenna Tenable.io Connector in the Schedule buttons section.
- Select Include Tenable Unlicensed Assets and Vulnerabilities
- By default, this is unchecked. Unlicensed assets and vulnerabilities are not exported into Kenna.
- Pulls in assets and vulnerabilities that are not considered “licensed” by Tenable. These tend to be plugins excluded from license limits or assets older than 90 days.
- https://docs.tenable.com/tenableio/Content/GettingStarted/Licenses.htm
- Asset Inactivity Limit (days)
- Save & Verify
Vulnerability Date Information
Within Kenna, you will notice several dates in the Vulnerabilities tab. When importing your Tenable data, the following criteria is used to populate these date fields.
- "Found" within Kenna is when Tenable.io first detected the vulnerability and maps to the ‘first_found’ field in Tenable
- "Last Seen" within Kenna is the last date Tenable.io detected the vulnerability and maps to the ‘last_found’ field in Tenable
- "Created" within Kenna is the date the vulnerability was passed to Kenna via the Tenable integration. This date is not the result of a mapping from a field from Tenable.
Tenable Connector API Calls
The following API calls are performed during a connector run to retrieve the Tenable information and import it into the Kenna Platform.
- Asset endpoint (https://developer.tenable.com/reference/exports-assets-request-export)
- Exports all hosts seen by Tenable scans in the last 90 days.
- Pulls all Host asset tags.
- Tenable deleted and terminated assets are ignored.
- Vulnerabilities endpoint (https://developer.tenable.com/reference/exports-vulns-request-export)
- Pulls vulnerability data and associates it with the imported assets.
- Exports all vulnerabilities of assets seen by Tenable scans in the last 90 days.
|
Tenable Field |
Kenna Field |
Notes |
|
plugin_name |
Name |
|
|
plugin_id |
Scanner IDs |
|
|
plugin_description |
Description |
seeAlso Related CVE IDs Related BugTraq IDs Other Security Standard Reference IDs |
|
plugin_solution + plugin_output |
Solution/Fix |
|
|
patch_publication_date |
Fix Published |
|
|
severity |
Scanner Score |
(1-10) Informational - 1 SeverityLow - 3 SeverityMedium - 5 SeverityHigh - 8 SeverityCritical -10 |
|
status (default = open) |
Vulnerability Status |
Only maps open/closed vulnerabilities. This connector will not autoclose a vulnerability. Closing a vulnerability requires a close status inbound from Tenable. |
|
vuln > output |
Details / Synopsis |
|
|
cves |
CVE |
|
|
vuln > port |
Ports |
|
|
last_found |
Last Seen |
|
|
first_found |
Found |
|
|
N/A |
Created |
Date the vulnerability was first imported to Kenna. Not mapped to a scanner field. |
|
operating_system |
Operating System |
|
|
id |
External ID |
|
|
fqdns |
FQDN |
We map fqdn from Tenable to fqdn in Kenna. FQDN should be used as the primary locator for deduplication purposes. This behavior differs from the Nessus API Importer connector. For the Nessus API Importer, fqdn in Kenna is left blank. Instead, it depends on the Hostname as a primary locator. When transitioning from the Nessus API Importer connector to the Tenable.io connector, locator order should be reconsidered to place FQDN higher than Hostname. |
|
ipv4s |
IP Address |
|
|
hostnames |
Hostname |
If there is no hostname provided by Tenable, hostname will be left blank in Kenna. |
|
mac_addresses |
MAC Address |
|
|
netbios_names |
NetBIOS |
|
|
aws_ec2_name |
EC2 Locator |
|
|
Tags Asset Groups |
Tags |
All of these items are converted to tags within Kenna. |
Comments
Please sign in to leave a comment.