Tenable.io Connector


Get a risk-based view of your entire attack surface so you can quickly identify, investigate and prioritize vulnerabilities.

Managed in the cloud and powered by Nessus technology, Tenable.io provides comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. It’s a complete end-to-end vulnerability management solution.

For information on the differences between the Tenable.io and Nessus API Importer connectors, please see the Nessus API Importer vs Tenable.io Connector Comparison Chart.

If you have been using the Nessus API Importer connector, it is recommended to delete those Nessus API Importer connectors after running the new Tenable.io connector. The two Tenable connectors collect very similar data via 2 different approaches. It is best to minimize duplicate data collection that might confuse your end-users of the data.

Platform support:

The Tenable.io connector supports the following Tenable interface only:

  • API interface to Tenable.io’s cumulative database

For other supported Tenable integrations, see the following:

User prerequisites/Tenable.io setup:

  • API User must have Tenable Standard role access to use this connector (per Tenable’s requirements) in order to access their cumulative database.



  • If the API user does not have correct role, you will see “403 Forbidden” errors when you attempt to run the connector. If you encounter issues, try using Administrator role.
  • The connector will import only the assets which the service account has view permissions for. A targeted scope or the full environment can be imported, but either way the account must have its asset permissions explicitly defined in the Access Control tile in Tenable.IO. The user account needs the “Can View” permission, and all objects which are to be imported into Cisco Vulnerability Management need to be selected, whether it be “All Assets” or a certain tag or group of tags.

Configuring Your Tenable Connector in Cisco Vulnerability Management


Once you select the Tenable.io icon from the Connectors page, you will see a screen like this:

  • Enter a Name for the connector.
  • Enter your Tenable.io API Access Key and Secret Key.
  • Set the Host location for the Tenable.io instance. This is typically cloud.tenable.com:443.
  • Select the frequency that you want to run your Tenable.io Connector in the Schedule buttons section.
  • Select Include Tenable Unlicensed Assets and Vulnerabilities
    • By default, this is unchecked. Unlicensed assets and vulnerabilities are not exported into Cisco Vulnerability Management.
    • Pulls in assets and vulnerabilities that are not considered “licensed” by Tenable. These tend to be plugins excluded from license limits or assets older than 90 days.
    • https://docs.tenable.com/tenableio/Content/GettingStarted/Licenses.htm 
  • Asset Inactivity Limit (days)
  • Save & Verify

Vulnerability Date Information

Within Cisco Vulnerability Management, you will notice several dates in the Vulnerabilities tab. When importing your Tenable data, the following criteria is used to populate these date fields.

  • "Found" within Cisco Vulnerability Management is when Tenable.io first detected the vulnerability and maps to the ‘first_found’ field in Tenable
  • "Last Seen" within Cisco Vulnerability Management is the last date Tenable.io detected the vulnerability and maps to the ‘last_found’ field in Tenable
  • "Created" within Cisco Vulnerability Management is the date the vulnerability was passed to Cisco Vulnerability Management via the Tenable integration. This date is not the result of a mapping from a field from Tenable.

Tenable Connector API Calls

The following API calls are performed during a connector run to retrieve the Tenable information and import it into the Cisco Vulnerability Management Platform.


Tenable Field

Cisco Vulnerability Management Field






Scanner IDs





Related CVE IDs

Related BugTraq IDs

Other Security Standard Reference IDs

plugin_solution + plugin_output




Fix Published



Scanner Score


Informational - 1

SeverityLow - 3

SeverityMedium - 5

SeverityHigh - 8

SeverityCritical -10

status (default = open)

Vulnerability Status

Only maps open/closed vulnerabilities. This connector will not autoclose a vulnerability. Closing a vulnerability requires a close status inbound from Tenable.

vuln > output

Details / Synopsis





vuln > port




Last Seen







Date the vulnerability was first imported to Cisco Vulnerability Management. Not mapped to a scanner field.


Operating System



External ID




We map fqdn from Tenable to fqdn in Cisco Vulnerability Management. FQDN should be used as the primary locator for deduplication purposes. This behavior differs from the Nessus API Importer connector. 

For the Nessus API Importer, fqdn in Cisco Vulnerability Management is left blank. Instead, it depends on the Hostname as a primary locator.

When transitioning from the Nessus API Importer connector to the Tenable.io connector, locator order should be reconsidered to place FQDN higher than Hostname.


IP Address




If there is no hostname provided by Tenable, hostname will be left blank in Cisco Vulnerability Management.


MAC Address






EC2 Locator



Asset Groups


All of these items are converted to tags within Cisco Vulnerability Management.



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request



Please sign in to leave a comment.