Data retrieval settings for the Tenable Vulnerability Integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Data retrieval settings for the Tenable Vulnerability Integration

    This guide explains how to configure data retrieval settings in the ServiceNow AI Platform for the Tenable Vulnerability Integration, covering Tenable.io, Tenable.sc, and Tenable.cs products. These settings allow you to control the type, severity, and volume of vulnerability data imported into your instance, ensuring the data aligns with your organizational needs and priorities.

    Show full answer Show less

    Configuration is done through Integration Instances accessed via the ServiceNow interface under Tenable Vulnerability Integration > Integration Instances. From there, you can manage parameters, schedules, API details, and data sources for each Tenable product integration.

    Key Features

    • Severity Filters: Enable or disable filters for different severity levels (Critical, High, Medium, Low, Info) to control which vulnerabilities are imported. Defaults prioritize Critical and High severity.
    • Insert Fixed Flag: When enabled, this creates new Vulnerability Instances (VIs) for vulnerabilities marked as Fixed but not yet present in your instance, helping maintain completeness of your vulnerability records.
    • Data Chunking and Size Limits: Parameters such as size, numassets, chunksize, assetpagelimit, and vulnpagelimit control how many records are retrieved per integration run, optimizing performance and manageability.
    • Asynchronous Requests (Tenable.sc): Option to enable asynchronous API calls to improve performance, with support for synchronous calls and timeout handling.
    • Query Filters (Tenable.sc): Filters configured directly in the Tenable console can be applied during data retrieval, allowing precise control over imported data.

    Practical Application for ServiceNow Customers

    By adjusting these settings, you can tailor the vulnerability data imported to your organizational risk management policies, focusing on critical and high vulnerabilities initially while optionally expanding to include medium, low, or informational severities as needed.

    Managing data volume through chunk size and page limits helps maintain integration performance and avoids overwhelming your instance with excessive data in one run.

    Enabling insertfixed ensures that fixed vulnerabilities are accounted for, providing a more complete vulnerability lifecycle view in ServiceNow.

    For Tenable.sc users, enabling asynchronous API calls can improve integration responsiveness, but may require coordination with Tenable support for timeout tuning.

    Overall, these settings provide granular control over vulnerability data ingestion, helping you integrate Tenable findings efficiently and align them with your security operations workflows in ServiceNow.

    The following data retrieval settings help you determine specifically the type and scope of data you want to import from the ServiceNow® Tenable Vulnerability Integration to your ServiceNow AI Platform® instance.

    The settings described in the following sections help you control the data you want to import. Additionally, you can set the values of these filters in Integration Instances. To view integration instances, navigate to Tenable Vulnerability Integration > Integration Instances and select your integration, Tenable.io, Tenable.sc, or Tenable.cs.

    On the Integration Instance page that is displayed, select the Integration Instance Parameters to display a list of parameters, or the Vulnerability Integrations tabs for a schedule, REST Details, Integration details, Data Sources, and integration run information.

    Common severity and retrieval settings and filters for Tenable.io, Tenable.sc and Tenable.cs in your ServiceNow AI Platform instance

    The following settings are available for the Tenable.io, Tenable.sc, and Tenable.cs integrations in your ServiceNow AI Platform instance. These and other configuration settings are displayed on the Integration Instance page of your ServiceNow AI Platform instance. You may prefer to leave these settings in their defaults for the first few integration runs.

    Tenable.io

    insert_fixed
    If you enable the insert_fixed flag in Setup Assistant for the Vulnerabilities Import integration, new VIs are created for detections in the Fixed state that don’t exist in your instance.
    severity_critical
    This filter is enabled by default (true) to receive critical severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_high
    This filter is enabled by default (true) to receive high-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    size
    This setting defines the number of plugin records to include in the result set from the Tenable.io Plugins Integration. Must be in the int32 format. The default value is 1,000. The maximum size is 10,000.
    num_assets
    The maximum number of vulnerabilities per exported chunk from the Tenable.io Fixed Vulnerabilities and Tenable.io Open Vulnerabilities Integrations. The default value is 50.
    chunk_size
    Specifies the number of assets per exported chunk by the Tenable.io Assets Integration. The default is 1,000.

    Tenable.sc

    async_request
    This parameter is inactive by default (false). Enable or disable this parameter to make asynchronous or synchronous API calls with Tenable.sc respectively. For synchronous calls, if there’s a timeout at 30 seconds, contact support for the Tenable product to tune the box. This parameter once enabled is applicable for all the integrations of Tenable.sc. For existing customers using asynchronous calls, a fix script is available, which adds a new async_request parameter to the existing Tenable.sc integration instances. To view the fix scripts, navigate to System Definition > Fix Scripts.
    insert_fixed
    If you enable the insert_fixed flag in Setup Assistant for the Vulnerabilities Import integration, new VIs are created fordetections in the Fixed state that don’t exist in your instance.
    offset
    Specifies the number of assets, plugins, and vulnerabilities imported in one integration run.
    Query filters
    Query filters are configured from within the Tenable console. These query filters have IDs that can be selected from Setup Assistant or from the Integration Instances page in your ServiceNow AI Platform instance. These filters are applied while retrieving the data from the Tenable.sc integrations.
    Tenable.cs
    compute_severity_critical
    This filter is enabled by default (true) to receive critical severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_high
    This filter is enabled by default (true) to receive high-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    container_severity_critical
    This filter is enabled by default (true) to receive critical severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_high
    This filter is enabled by default (true) to receive high-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    asset_page_limit
    This setting defines the number of container asset records to include in the result set from the Tenable.cs Cloud Container Assets Integration. The default value is 1,000. The maximum size is 1,000.
    vuln_page_limit
    This setting defines the number of vulnerabilities records to include in the result set from the Tenable.cs Open Cloud Host Vulnerabilities Integration, Tenable.cs Fixed Cloud Host Vulnerabilities Integration, Tenable.cs Open Cloud Container Vulnerabilities Integration, and Tenable.cs Fixed Cloud Container Vulnerabilities Integration. The default value is 1,000. The maximum size is 10,000.