All Collections
Integration Guide
Tenable.io Integration
Tenable.io Integration
Ali Murtaza avatar
Written by Ali Murtaza
Updated over a week ago

About Tenable.io

Tenable.io is a cloud-based vulnerability management platform from Tenable, which provides actionable insight into an organization’s entire infrastructure and its security risks. This allows organizations to quickly and accurately identify, investigate, and prioritize vulnerabilities and misconfigurations in modern IT environments.

Integrating SIRP with Tenable.io allows you to ingest vulnerability assessment reports. Organizations can utilize the integration to represent and correlate vulnerabilities and assets, and scan data from Tenable combined with SIRP’s improved incident response.

Supported Actions

SIRP’s Tenable IO integration app allows you to execute the following actions:

Action

Description

Get Scan Reports

Ingest vulnerability assessment reports from Tenable

Enable and Configure Tenable.io App

1. Login to the Tenable.io web console at https://cloud.tenable.com and go to the Settings from the left navigation bar.

2. Click on My Account.

3. Go to the API Keys tab then click the Generate button. You will get a prompt for confirmation. Click the Generate button.

4. Tenable.io will generate the Access Key and Secret Key and display it on the screen. Copy both the keys.

5. Next, log in to SIRP, then go to Apps from the left navigation bar

6. Locate the app named Tenable IO

7. Enable the Tenable IO app by clicking on the toggle button under the Status column.

8. As soon as you enable the App, you will get an option to add the configuration details. Add the following details:

a. Configuration Name: Default <any name to be given to this configuration. Multi-configuration allows you to add multiple tenable.io accounts>

b. Access-Key: <Access Key copied from Tenable.io>

c. Secret-Key: <Secret Key copied from Tenable.io>

After the last step, you should be able to use the Tenable.io actions to ingest vulnerability assessments along with all vulnerabilities into SIRP.

In order to ingest vulnerability assessment reports from Tenable.io, follow the steps given in the next section.

Create and Configure Tenable.io Ingestion

In order to start ingesting vulnerability assessment reports from Tenable.io, you need to create a new ingestion source and enable it.

1. Go to the Administration section from the left-hand navigation bar

2. Go to Apps > Ingestion Sources

3. Click on Add Source

4. Fill the fields in the popup form as shown in the image above:

  • Name: Tenable IO (This can be any name to distinguish this ingestion source)

  • Status: Enable (To enable this ingestion source)

  • Ingestion Method: API

  • Ingestion Type: Vulnerability (Because we want to ingest vulnerabilities into our Vulnerability Management module)

  • Widget Name: Leave blank

  • Frequency: Every 5 min (SIRP will call Tenable.io API every 5 minutes to check for new “completed” assessments)

  • Opened By: Select a user from the dropdown

  • Applications: Select the Tenable IO application

  • Actions: Select get_scan_reports

  • Configuration: Select from the dropdown

  • Format: JSON

5. Click the Create button to create the new ingestion source.

After enabling the ingestion source, SIRP will start to call Tenable.io API every 5 minutes to check for any new and completed assessments. If SIRP finds any new assessments, it will start ingesting the records within its database.

The results will be visible in the Vulnerability Management module. The main page will list all the identified vulnerabilities. Whereas clicking on the Assessments button will take you to the page that will list all the assessments.

This integration for Tenable provides the ability to centralize your vulnerability insights by viewing a single dashboard.

Did this answer your question?