Data retrieval settings for the Tenable Vulnerability Integration

  • Release version: Yokohama
  • Updated January 30, 2025
  • 5 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Data retrieval settings for the Tenable Vulnerability Integration

    These data retrieval settings allow ServiceNow customers to control the type and scope of vulnerability data imported from Tenable Vulnerability Integrations (Tenable.io, Tenable.sc, and Tenable.cs) into their ServiceNow AI Platform instance. Settings and filters can be configured via the Integration Instances page, enabling precise management of imported vulnerability data according to severity, state, and volume.

    Show full answer Show less

    Key Features

    • Integration Instance Configuration: Access and adjust parameters and filters on the Integration Instance page under Tenable Vulnerability Integration, selecting the appropriate Tenable product.
    • Severity Filters: Severity levels (Critical, High, Medium, Low, Info) can be enabled or disabled independently for each integration to control which vulnerabilities are imported. Critical and High severities are enabled by default across integrations.
    • Insert Fixed Flag: When enabled, new Vulnerability Instances (VIs) are created for detections in the Fixed state that do not already exist in the ServiceNow instance, applicable for all Tenable products.
    • Data Chunk and Pagination Controls: Parameters such as size, numassets, chunksize, and offset control the volume of data retrieved per integration run, optimizing performance and load management.
    • Asynchronous API Calls (Tenable.sc): Option to enable asynchronous requests to improve integration performance; synchronous calls have a 30-second timeout and may require support tuning.
    • Query Filters for Tenable.sc: Filters configured within the Tenable console with selectable IDs can be applied during data retrieval to refine the imported dataset.
    • Tenable.cs Specific Filters: Separate severity filters for Cloud Host and Cloud Container vulnerabilities allow fine-tuned control over what data is imported for each asset type.
    • Page Limits: Defaults and maximums are defined for asset and vulnerability records per query to ensure manageable data loads, e.g., up to 10,000 for vulnerabilities in Tenable.io and Tenable.cs integrations.

    Practical Benefits

    • Allows ServiceNow customers to tailor vulnerability data imports to focus on relevant severity levels and asset types, improving operational efficiency.
    • Helps manage performance and data volume through configurable chunk sizes and pagination, reducing integration run times and resource consumption.
    • Supports tracking of fixed vulnerabilities by optionally creating new records for resolved issues, enhancing vulnerability lifecycle management.
    • Enables asynchronous processing for Tenable.sc to improve data retrieval reliability and speed, especially in large environments.

    The following data retrieval settings help you determine specifically the type and scope of data you want to import from the ServiceNow® Tenable Vulnerability Integration to your ServiceNow AI Platform® instance.

    The settings described in the following sections help you control the data you want to import. Additionally, you can set the values of these filters in Integration Instances. To view integration instances, navigate to Tenable Vulnerability Integration > Integration Instances and select your integration, Tenable.io, Tenable.sc, or Tenable.cs.

    On the Integration Instance page that is displayed, select the Integration Instance Parameters to display a list of parameters, or the Vulnerability Integrations tabs for a schedule, REST Details, Integration details, Data Sources, and integration run information.

    Common severity and retrieval settings and filters for Tenable.io, Tenable.sc and Tenable.cs in your ServiceNow AI Platform instance

    The following settings are available for the Tenable.io, Tenable.sc, and Tenable.cs integrations in your ServiceNow AI Platform instance. These and other configuration settings are displayed on the Integration Instance page of your ServiceNow AI Platform instance. You may prefer to leave these settings in their defaults for the first few integration runs.

    Tenable.io

    insert_fixed
    If you enable the insert_fixed flag in Setup Assistant for the Vulnerabilities Import integration, new VIs are created for detections in the Fixed state that don’t exist in your instance.
    severity_critical
    This filter is enabled by default (true) to receive critical severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_high
    This filter is enabled by default (true) to receive high-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Vulnerabilities from the Tenable.io Open Vulnerabilities and Tenable.io Fixed Vulnerabilities Integrations.
    size
    This setting defines the number of plugin records to include in the result set from the Tenable.io Plugins Integration. Must be in the int32 format. The default value is 1,000. The maximum size is 10,000.
    num_assets
    The maximum number of vulnerabilities per exported chunk from the Tenable.io Fixed Vulnerabilities and Tenable.io Open Vulnerabilities Integrations. The default value is 50.
    chunk_size
    Specifies the number of assets per exported chunk by the Tenable.io Assets Integration. The default is 1,000.

    Tenable.sc

    async_request
    This parameter is inactive by default (false). Enable or disable this parameter to make asynchronous or synchronous API calls with Tenable.sc respectively. For synchronous calls, if there’s a timeout at 30 seconds, contact support for the Tenable product to tune the box. This parameter once enabled is applicable for all the integrations of Tenable.sc. For existing customers using asynchronous calls, a fix script is available, which adds a new async_request parameter to the existing Tenable.sc integration instances. To view the fix scripts, navigate to System Definition > Fix Scripts.
    insert_fixed
    If you enable the insert_fixed flag in Setup Assistant for the Vulnerabilities Import integration, new VIs are created fordetections in the Fixed state that don’t exist in your instance.
    offset
    Specifies the number of assets, plugins, and vulnerabilities imported in one integration run.
    Query filters
    Query filters are configured from within the Tenable console. These query filters have IDs that can be selected from Setup Assistant or from the Integration Instances page in your ServiceNow AI Platform instance. These filters are applied while retrieving the data from the Tenable.sc integrations.
    Tenable.cs
    compute_severity_critical
    This filter is enabled by default (true) to receive critical severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_high
    This filter is enabled by default (true) to receive high-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    compute_severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Vulnerabilities from the Tenable.cs Open Cloud Host Vulnerabilities Integration and Tenable.cs Fixed Cloud Host Vulnerabilities Integration.
    container_severity_critical
    This filter is enabled by default (true) to receive critical severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_high
    This filter is enabled by default (true) to receive high-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_medium
    This filter is inactive by default (false). Enable this filter to receive medium-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_info
    This filter is inactive by default (false). Enable this filter to receive info-level severity Vulnerabilities from the Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    container_severity_low
    This filter is inactive by default (false). Enable this filter to receive low-level severity Container Vulnerabilities from the Tenable.cs Open Cloud Container Vulnerabilities Integration and Tenable.cs Fixed Cloud Container Vulnerabilities Integration.
    asset_page_limit
    This setting defines the number of container asset records to include in the result set from the Tenable.cs Cloud Container Assets Integration. The default value is 1,000. The maximum size is 1,000.
    vuln_page_limit
    This setting defines the number of vulnerabilities records to include in the result set from the Tenable.cs Open Cloud Host Vulnerabilities Integration, Tenable.cs Fixed Cloud Host Vulnerabilities Integration, Tenable.cs Open Cloud Container Vulnerabilities Integration, and Tenable.cs Fixed Cloud Container Vulnerabilities Integration. The default value is 1,000. The maximum size is 10,000.