The Tenable Vulnerability Integration with Configuration Compliance

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of The Tenable Vulnerability Integration with Configuration Compliance

    The Tenable Vulnerability Integration with Configuration Compliance enables ServiceNow customers to import policies, controls (test results), and configuration tests from Tenable.io into the Configuration Compliance application. This integration helps identify configuration-related vulnerabilities on assets tracked in the Configuration Management Database (CMDB) and verify asset compliance with security policies and controls.

    Show full answer Show less

    Note that starting with Configuration Compliance version 14.9, several terminology updates have been made to align with this integration, such as renaming “Test Result Group” to “Remediation Task Group” and “Policy” to “Test group.”

    Key Features

    • Integrated Data Import: The integration imports asset data, policies, controls, and configuration tests through three distinct connectors:
      • Tenable.io Assets Integration
      • Tenable.io Compliance Results Integration
      • Tenable.io Compliance Results Backfill Integration
    • Data Reconciliation: When there are discrepancies in the number of imported Configuration Items (CIs) between the Assets Integration and Compliance Results Integration, temporary records track ignored asset IDs. The Compliance Results Backfill Integration then imports missing assessment data for these assets to ensure completeness.
    • Automated Backfill: The backfill integration can import up to 200 missing asset IDs per run and automatically deletes temporary records after matching assets with their data. Multiple runs may be required to fully reconcile all ignored assets.
    • Visibility and Tracking: Customers can monitor ignored CIs and integration run details via the Tenable Vulnerability Integration > Administration > Integrations module, ensuring transparency during data imports.
    • Activation and Configuration: The Compliance Results Integration and Compliance Results Backfill Integration are inactive by default. Customers can activate and configure these integrations within the administration console, with default scheduling settings recommended for initial use.

    What This Enables You to Do

    • Import and maintain up-to-date vulnerability and compliance data from Tenable.io directly into ServiceNow’s Configuration Compliance application.
    • Identify and track configuration-related vulnerabilities on CMDB assets efficiently.
    • Ensure comprehensive compliance verification by leveraging imported policies and test results.
    • Manage discrepancies in asset data imports effectively using the backfill mechanism to reconcile missing data.
    • Monitor integration health and ignored assets to maintain data accuracy.

    Next Steps

    • Enable and configure the Tenable.io Asset Integration using the Setup Assistant to begin importing asset data.
    • Activate the Tenable.io Compliance Results Integration and Backfill Integration as needed to import assessment results and reconcile missing assets.
    • Review integration run records regularly to track ignored CIs and ensure all asset data is imported properly.
    • Refer to additional ServiceNow documentation on the Tenable Vulnerability Integration for detailed configuration and best practices.

    The Tenable.io product of the Tenable Vulnerability Integration imports policies, controls (test results), and configuration tests for processing in the Configuration Compliance application.

    Note:
    Starting with v14.9 of Configuration Compliance, the following terms have been renamed:
    Table 1. Changes in terminology
    Terminology prior to v14.9 Terminology v14.9 onwards
    Test Result Group Remediation Task
    Group Rules Remediation Task Rules
    Policy Test group

    Tenable.io

    The Tenable Vulnerability Integration is supported.

    You can use imported data to:
    • Identify configuration-related vulnerabilities on your assets listed in your Configuration Management Database (CMDB)
    • Verify that your assets are in compliance with your policies and controls.
    Assets data, policies, controls (test results), and configuration tests are imported with the following integrations:
    • Tenable.io Assets Integration
    • Tenable.io Compliance Results Integration
    • Tenable.io Compliance Results Backfill Integration

    The following image illustrates how the integrations work together to import asset and configuration assessment data and reconcile any ignored CIs overlooked during an import.

    Figure 1. Import flow for secure configuration assessment results
    Sequence for the three tenable integrations, Assets, Configuration Compliance Results, and Compliance Results Backfill to update test, policy, and test result records

    Data is imported, updated, and displayed on the test result, policy, and configuration test records in the Configuration Compliance application.

    In some cases, the number of imported Configuration Items (CIs) is different for the Tenable.io Assets Integration and the Tenable.io Compliance Results Integration. When this occurs, temporary records are created and stored for the ignored asset IDs. These records can be matched later with imported assessment data by imports from the Compliance Results Backfill Integration.

    For example, let's say the Assets Integration imports 80 assets on an integration run, but the Compliance Results Integration imports 100.

    Note:
    You can verify the number of ignored CIs on integration runs by navigating to Tenable Vulnerability Integration > Administration > Integrations. Click the name of an integration to open the record. On the Vulnerability Integration Runs Related Link, open an integration run record and select the Items tab to see the value in the Ignored CIs field. This field tracks the total of ignored (missing) assets from the import.

    By comparing values in the Ignored CIs fields on each integration run record, there is a difference of 20 ignored CIs. As a result, the backfill integration runs automatically as shown in the preceding image. This integration imports the configuration assessment information for the extra 20 assets found by the Compliance Results Integration but missed by the Assets Integration. Since assessment data for missing assets is not imported, the Tenable.io Compliance Results Backfill Integration imports up to 200 Asset IDs per integration run to reconcile the missing assets with their corresponding assessment data. All records created for missing or ignored assets and listed on the temporary table are deleted after these assets and their data are matched.

    Note:
    It may take multiple runs of these integrations to import all the ignored assets.

    For more information about how to enable and configure the Tenable.io Asset Integration, see Configure the Tenable Vulnerability Integration using Setup Assistant. See Understanding the Tenable Vulnerability Integration for more information about the integration.

    The Tenable.io Compliance Results Integration and the Tenable.io Compliance Results Backfill Integration are inactive by default.

    To activate them:
    1. Navigate to Tenable Vulnerability Integration > Administration > Integrations.
    2. On the Tenable Integrations list, click an integration name to open the record and select the Active check box to enable it. You might prefer to leave the schedule settings in their default values for these integrations to start.