Tenable.io Connector

Screen_Shot_2021-12-03_at_1.42.17_PM.png

Get a risk-based view of your entire attack surface so you can quickly identify, investigate and prioritize vulnerabilities.

Managed in the cloud and powered by Nessus technology, Tenable.io provides comprehensive vulnerability coverage with the ability to predict which security issues to remediate first. It’s a complete end-to-end vulnerability management solution.

For information on the differences between the Tenable.io and Nessus API Importer connectors, please see the Nessus API Importer vs Tenable.io Connector Comparison Chart.

If you have been using the Nessus API Importer connector, it is recommended to delete those Nessus API Importer connectors after running the new Tenable.io connector. The two Tenable connectors collect very similar data via 2 different approaches. It is best to minimize duplicate data collection that might confuse your end-users of the data.

Platform support:

The Kenna Tenable.io connector supports the following Tenable interface only:

  • API interface to Tenable.io’s cumulative database

For other supported Tenable integrations, see the following:

User prerequisites/Tenable.io setup:

  • API User must have Tenable Administrator role access to use this connector (per Tenable’s requirements) in order to access their cumulative database.

Screen_Shot_2022-05-13_at_4.21.53_PM.png

Screen_Shot_2022-05-13_at_4.16.14_PM.png

  • If the API user does not have Administrator role, you will see “403 Forbidden” errors when you attempt to run the connector.

Configuring Your Tenable Connector in Kenna

Screen_Shot_2022-01-10_at_10.07.47_AM.png

Once you select the Tenable.io icon from the Kenna Connectors page, you will see a screen like this:

  • Enter a Name for the connector.
  • Enter your Tenable.io API Access Key and Secret Key.
  • Set the Host location for the Tenable.io instance. This is typically cloud.tenable.com:443.
  • Select the frequency that you want to run your Kenna Tenable.io Connector in the Schedule buttons section.
  • Select Include Tenable Unlicensed Assets and Vulnerabilities
  • Asset Inactivity Limit (days)
  • Save & Verify

Vulnerability Date Information

Within Kenna, you will notice several dates in the Vulnerabilities tab. When importing your Tenable data, the following criteria is used to populate these date fields.

  • "Found" within Kenna is when Tenable.io first detected the vulnerability and maps to the ‘first_found’ field in Tenable
  • "Last Seen" within Kenna is the last date Tenable.io detected the vulnerability and maps to the ‘last_found’ field in Tenable
  • "Created" within Kenna is the date the vulnerability was passed to Kenna via the Tenable integration. This date is not the result of a mapping from a field from Tenable.

Tenable Connector API Calls

The following API calls are performed during a connector run to retrieve the Tenable information and import it into the Kenna Platform.

 

Tenable Field

Kenna Field

Notes

plugin_name

Name

 

plugin_id

Scanner IDs

 

plugin_description

Description

seeAlso

Related CVE IDs

Related BugTraq IDs

Other Security Standard Reference IDs

plugin_solution + plugin_output

Solution/Fix

 

patch_publication_date

Fix Published

 

severity

Scanner Score

(1-10)


Informational - 1

SeverityLow - 3

SeverityMedium - 5

SeverityHigh - 8

SeverityCritical -10

status (default = open)

Vulnerability Status

Only maps open/closed vulnerabilities. This connector will not autoclose a vulnerability. Closing a vulnerability requires a close status inbound from Tenable.

vuln > output

Details / Synopsis

 

cves

CVE

 

vuln > port

Ports

 

last_found

Last Seen

 

first_found

Found

 

N/A

Created

Date the vulnerability was first imported to Kenna. Not mapped to a scanner field.

operating_system

Operating System

 

id

External ID

 

fqdns

FQDN

We map fqdn from Tenable to fqdn in Kenna. FQDN should be used as the primary locator for deduplication purposes. This behavior differs from the Nessus API Importer connector. 


For the Nessus API Importer, fqdn in Kenna is left blank. Instead, it depends on the Hostname as a primary locator.


When transitioning from the Nessus API Importer connector to the Tenable.io connector, locator order should be reconsidered to place FQDN higher than Hostname.

ipv4s

IP Address

 

hostnames

Hostname

If there is no hostname provided by Tenable, hostname will be left blank in Kenna.

mac_addresses

MAC Address

 

netbios_names

NetBIOS

 

aws_ec2_name

EC2 Locator

 

Tags

Asset Groups

Tags

All of these items are converted to tags within Kenna.

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.