Tenable.io integrations with the Vulnerability Response and Configuration Compliance applications

  • Release version: Washingtondc
  • Updated February 5, 2024

    The Tenable.io integrations in the Vulnerability Response Integration with Tenable application are available in the Vulnerability Response and Configuration Compliance applications.

    List of Tenable.io integrations

    Multi-source is supported for all of the Tenable.io and Tenable.sc integrations. You can add and deploy multiple instances of the following integrations across your environment from Setup Assistant in Vulnerability Response. You also install and configure the Vulnerability Response Integration with Tenable application from Setup Assistant.

    Tenable.io is a cloud-based enterprise integration. See the following table for the names and descriptions of the supported integrations for the Tenable.io product.

    The Tenable.io Compliance Results Integration and the Tenable.io Compliance Results Backfill Integration are inactive by default.

    To activate them:
    1. Navigate to Tenable Vulnerability Integration > Administration > Integrations.
    2. On the Tenable Integrations list, click an integration name to open the record and select the Active check box to enable it. You might prefer to leave the schedule settings at their default values for these integrations to start.
    Table 1. Tenable.io integrations
    Integration Description
    Tenable.io Assets Integration
    • Retrieves all asset data, including asset tags, from the Tenable.io product and processes it in your instance.
    • Starting with v3.0, if the Tenable.io Compliance Results Integration is activated, you can import secure configuration assessment data along with imported asset data. This data can help you identify and respond to the configuration-related vulnerabilities on your assets.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Asset API.
    • The output of this integration is discovered items.
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.
    • Starting with v2.2, Last Scan Time is imported and updated only for assets that have vulnerabilities.
    Tenable.io Compliance Results Integration
    • Starting with v3.0, imported secure configuration assessment data from the Compliance Results Integration along with imported data from the Assets Integration can help you identify and respond to the configuration-related vulnerabilities on your assets.
    • If enabled, retrieves high-level secure configuration assessment data and processes it in your ServiceNow AI Platform instance. Imported data includes test results along with policies, configuration tests (controls) and citations with authoritative sources.
    • Assessment data for missing assets or assets without asset IDs is not imported.
    • If a test result is imported and its corresponding asset cannot be matched in your instance, the test result is ignored and the ID for the missing asset is stored in a temporary record in the [sn_vul_tenable_missing_asset] table.
    • The total number of ignored (missing) assets is listed in the Ignored CIs field on the Configuration tab on the integration run record for this integration.
    Tenable.io Compliance Results Backfill Integration
    • When activated, this integration runs automatically after the assets integration is successfully completed as part of a chained integration run. This integration matches configuration assessment data with missing assets listed on the [sn_vul_tenable_missing_asset] table.
    • Imports up to 200 asset IDs for any missing assets discovered or present in the instance after the assets integration import is successfully completed.
    • Removes the temporary records from the [sn_vul_tenable_missing_asset] table when assets can be matched with corresponding configuration assessment data.
    Tenable.io Scan Credential Integration
    • This integration retrieves the scan credentials configured in Tenable.io.
    • Coordinates the REST message calls to the Credentials API.
    • The output of this integration is scan credentials populated in the [sn_vul_tenable_scan_credential] table.
    • The imported credentials are used to access the scanner when scan requests are initiated from the ServiceNow AI Platform.
    • This integration is scheduled to run weekly.
    Tenable.io Template Integration

    A template record is sent to Tenable.io during rescan. This integration retrieves available Tenable.io credentials to use for rescans. Credentials are instance-specific, and a single template record is imported and securely stored temporarily on the [sn_vul_tenable_io_template] table.

    Tenable.io Plugin Integration
    • Retrieves the plugin data from the Tenable.io product. Retrieved data are based on the date the plugins were last updated by a Tenable.io integration run.
    • This import ensures that the Tenable.io Identifiers (Ten IDs) are current.
    • Coordinates the REST message calls to the Plugin API.
    • The output of this integration is third-party vulnerabilities.
    Tenable.io Fixed Vulnerabilities Integration
    • Retrieves vulnerability data based on severity filters from the Tenable.io product and processes it in your instance. Vulnerable items are created for detection records which are in the Open and Reopened states, because these records require remediation. Existing vulnerable items are updated by Vulnerability Response if detections are Fixed, but vulnerable items are not created for Fixed detections by default, because Tenable considers Fixed vulnerabilities Mitigated.
    • When the flag Create vulnerable items for Fixed Vulnerability detections is activated in Setup Assistant, new VIs are created in the Fixed state so you have visibility into the detections that created them. Since VIs are created for Fixed detections that do not already exist in your instance, this might negatively impact your import performance. You may prefer to leave this feature deactivated so that Fixed detections only update the states of existing vulnerable items.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Vulnerabilities API.
    • The output of this integration is Closed/Fixed vulnerable items (VIs). It also creates assets and third-party entries if they don't exist.
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.

    This integration run is scheduled. It is a chained integration, which means after a run is successfully completed, the open vulnerabilities integration described below is triggered.

    Starting from Tenable v3.3, you can view the following information for the vulnerability integration runs:
    • Total chunks: Total number of chunks being generated by Tenable
    • Available chunks: Number of chunks available for download for ServiceNow
    Tenable.io Open Vulnerabilities Integration
    • This integration is triggered upon successful completion of the Tenable.io Fixed Vulnerabilities Integration.
    • Retrieves vulnerability data based on the severity filters from the Tenable.io product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Vulnerabilities API.
    • The output of this integration is New/Reopened vulnerable items (VIs). It also creates configuration items and third-party entries if they don't exist. Tenable considers active vulnerabilities Cumulative (current).
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.
    Starting from Tenable v3.3, you can view the following information for the vulnerability integration runs:
    • Total chunks: Total number of chunks being generated by Tenable
    • Available chunks: Number of chunks available for download for ServiceNow