REST messages for the Tenable Vulnerability Integration

  • Release version: Xanadu
  • Updated August 1, 2024
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of REST messages for the Tenable Vulnerability Integration

    The ServiceNow® Tenable Vulnerability Integration uses a set of REST messages to communicate with various Tenable API endpoints. These REST messages enable ServiceNow customers to retrieve and manage vulnerability, asset, plugin, scan, policy, and credential data from Tenable.io, Tenable.sc, and Tenable.cs platforms. Changes to specific REST message method records directly affect the data requests made to Tenable, so careful management is essential.

    Show full answer Show less

    Key REST Messages and Their Purposes

    • Tenable.io Assets: Retrieves asset information with filters ensuring only non-deleted and licensed assets are fetched.
    • Tenable.io Plugins: Retrieves plugin details used in vulnerability assessments.
    • Tenable.io Vulnerabilities: Fetches both open and closed vulnerability data from Tenable.io.
    • Tenable.sc Queries: Retrieves query filter configurations for assets and vulnerabilities within Tenable.sc integrations.
    • Tenable.sc Plugins: Retrieves plugin information; includes a comprehensive set of fields such as CVSS vectors, risk factors, and exploit availability.
    • Tenable.sc Vulnerabilities: Retrieves vulnerability data including patched and backfill vulnerabilities, affected by updated method records.
    • Tenable.sc Scan Credentials: Retrieves usable scan credentials; parameter changes are not recommended to maintain integration stability.
    • Tenable.sc Policy: Adds policies for requested plugins, which are used during scan requests.
    • Tenable.sc Scan: Submits scan requests including policy, plugin IDs, and target IPs, respecting access permissions.
    • Tenable.sc Scan Result: Retrieves detailed results for scans initiated via the Scan REST message.
    • Tenable.cs GraphQL: Retrieves container assets, host, and vulnerability data for Tenable.cs integrations via specialized GraphQL queries.

    Data Transformation Process

    Once data is imported from the Tenable products through these REST messages, it is processed within the ServiceNow instance using defined data sources and transformation rules. This ensures that the imported data aligns with ServiceNow's data models and supports accurate vulnerability management workflows.

    Practical Considerations for ServiceNow Customers

    • Modifying REST message method records directly impacts the data retrieved from Tenable APIs; changes should be performed cautiously.
    • Filters and parameters—such as asset deletion status and credential usability—help optimize data retrieval and integration performance.
    • The integration supports comprehensive vulnerability lifecycle management by covering assets, plugins, vulnerabilities, scans, policies, and credentials across multiple Tenable platforms.
    • Understanding the scope and fields of each REST message enables customers to tailor the integration to their security and operational requirements.

    The ServiceNow® Tenable Vulnerability Integration REST messages are used to make calls to the Tenable API.

    Tenable.io Assets REST message

    The Tenable.io Assets REST message retrieves Assets information for the Tenable.io Asset Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve assets information. The export job for assets is submitted with the following filters:
    • "is_deleted": false
    • "is_licensed": true

    Tenable.io Plugins REST message

    The Tenable.io Plugins REST message retrieves Plugin information for the Tenable.io Plugin Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve plugins information.

    Tenable.io Vulnerabilities REST message

    The Tenable.io Vulnerabilities REST message retrieves vulnerability information for both Open and Closed vulnerabilities from the Tenable.io Vulnerability Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve vulnerabilities information.

    Tenable.sc Queries REST message

    The Tenable.sc Queries rest message retrieves the query filter information for the Tenable.sc Asset integration and Tenable.sc vulnerabilities integration where the query filter is configured.

    Tenable.sc Plugins REST message

    The Tenable.sc Plugin REST message retrieves plugin information for the Tenable.sc Plugins Integration. Changes to the REST message Get Plugins method record impact the requests made to Tenable.sc to retrieve plugins information.

    Parameter name Value Description
    type active Indicates the source Tenable pulls data from. Used by code. Changes aren’t recommended.
    fields id, description, cvssVector,cvssV3Vector, cvssV3TemporalVector, synopsis, cvssVector, baseScore,temporalScore, cvssV3Vector,cvssV3BaseScore, cvssV3TemporalScore, name, vprScore, vprContext, pluginPubDate, pluginModDate, xrefs, family, riskFactor, cpe, seeAlso, solution, exploitAvailable, exploitFrameworks, type, copyright, version, sourceFile, dependencies, requiredPorts, requiredUDPPorts, srcPort, dstPort,protocol, checkType, cvssVectorBF, stigSeverity, patchPubDate, patchModDate, vulnPubDate, modifiedTime, md5 Indicates the list of fields imported from Tenable.

    Tenable.sc Vulnerabilities REST message

    The Tenable.sc vulnerabilities REST message retrieves vulnerability information from the Tenable.sc Integration. Changes to the REST message Fetch Vulnerabilities or Fetch Patched Vulnerabilities method or, starting with v14.0 Vulnerability Response and v2.2 of the Tenable Vulnerability Integration, Fetch Backfill Vulnerabilities record impact the requests made to Tenable.sc to retrieve vulnerabilities information.

    Tenable.sc Scan Credentials REST message

    Tenable.sc Policy REST message
    The Tenable.sc policy POST REST message adds a policy for requested plugins. Generated policy is used in Tenable.sc scan requests.
    Tenable.sc Scan REST message
    The Tenable.sc scan POST REST message adds a scan that is dependent on the access and permission defined in the request body of the rest message. It uses policy, plugin id, and IP(s) in the request body for the scan request.
    Tenable.sc Scan Result REST message
    The Tenable.sc Scan Result GET REST message provides scan details of the scan generated using the Scan REST message. It uses the scanResultId in the response of the scan REST messages and retrieves scan details for the triggered scan.
    Tenable.sc Scan Credentials
    The Tenable.sc scan credentials REST message retrieves the credentials information from Tenable.sc. Changes to the REST message 'Import' method record impact the requests made to Tenable.sc to retrieve the credentials information.
    Parameter name Value Description
    fields id,name,description,type Indicates the list of fields imported from Tenable.sc
    filter usable Indicates that the integration pulls only usable credentials from Tenable.sc

    Changes to either of the parameters isn’t recommended.

    Tenable.cs GraphQl REST message: The Tenable.cs GraphQl REST message retrieves container asset information, host, and container vulnerability information for Tenable.cs Integration. Changes to the REST message Fetch Container Assets, Fetch Container Vulnerabilities, Fetch Compute Vulnerabilities method record impact the requests made to Tenable.cs to retrieve asset and vulnerabilities information.