REST messages for the Tenable Vulnerability Integration

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of REST messages for the Tenable Vulnerability Integration

    The ServiceNow® Tenable Vulnerability Integration uses a set of REST messages to interact with various Tenable APIs, enabling the retrieval and management of asset, plugin, vulnerability, scan, policy, and credential information. These REST messages facilitate seamless integration with Tenable.io, Tenable.sc, and Tenable.cs platforms, supporting comprehensive vulnerability and asset management workflows within ServiceNow.

    Show full answer Show less

    Key REST Messages and Their Functions

    • Tenable.io Assets REST message: Retrieves asset information for the Tenable.io Asset Integration, with filters to exclude deleted assets and include only licensed ones.
    • Tenable.io Plugins REST message: Retrieves plugin details for the Tenable.io Plugin Integration.
    • Tenable.io Vulnerabilities REST message: Retrieves both open and closed vulnerability data from Tenable.io.
    • Tenable.sc Queries REST message: Retrieves query filter configurations for asset and vulnerability integrations within Tenable.sc.
    • Tenable.sc Plugins REST message: Retrieves plugin data for Tenable.sc Plugins Integration, importing a comprehensive set of plugin fields including CVSS scores, risk factors, and exploit information.
    • Tenable.sc Vulnerabilities REST message: Retrieves vulnerability information from Tenable.sc, supporting fetch operations for vulnerabilities, patched vulnerabilities, and backfill vulnerabilities (starting from specific integration versions).
    • Tenable.sc Policy REST message: Adds policies for requested plugins, which are used in scan requests.
    • Tenable.sc Scan REST message: Initiates scans based on defined policies, plugins, and IP addresses, respecting access permissions.
    • Tenable.sc Scan Result REST message: Retrieves detailed results of scans initiated via the Scan REST message.
    • Tenable.sc Scan Credentials REST message: Retrieves usable credentials from Tenable.sc necessary for scanning.
    • Tenable.cs GraphQL REST message: Retrieves container assets, host information, and vulnerabilities for Tenable.cs integrations.

    Key Configuration Parameters

    Several REST messages include parameters specifying fields to import or filters to apply, such as:

    • Fields parameter: Defines which data fields are imported from Tenable (e.g., plugin details, credential attributes).
    • Filter parameters: Used to limit data retrieved, such as only importing usable credentials or excluding deleted assets.
    • Type parameter: Indicates the source platform for data retrieval and is typically not recommended to be changed.

    Practical Implications for ServiceNow Customers

    • Modifying REST message method records directly impacts the data retrieved from Tenable platforms, so changes should be made carefully.
    • Understanding each REST message’s purpose helps in customizing integrations, troubleshooting data retrieval issues, and optimizing vulnerability management workflows.
    • The integration supports comprehensive vulnerability lifecycle management, from asset discovery and vulnerability identification to scan execution and result analysis.

    The ServiceNow® Tenable Vulnerability Integration REST messages are used to make calls to the Tenable API.

    Tenable.io Assets REST message

    The Tenable.io Assets REST message retrieves Assets information for the Tenable.io Asset Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve assets information. The export job for assets is submitted with the following filters:
    • "is_deleted": false
    • "is_licensed": true

    Tenable.io Plugins REST message

    The Tenable.io Plugins REST message retrieves Plugin information for the Tenable.io Plugin Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve plugins information.

    Tenable.io Vulnerabilities REST message

    The Tenable.io Vulnerabilities REST message retrieves vulnerability information for both Open and Closed vulnerabilities from the Tenable.io Vulnerability Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve vulnerabilities information.

    Tenable.sc Queries REST message

    The Tenable.sc Queries rest message retrieves the query filter information for the Tenable.sc Asset integration and Tenable.sc vulnerabilities integration where the query filter is configured.

    Tenable.sc Plugins REST message

    The Tenable.sc Plugin REST message retrieves plugin information for the Tenable.sc Plugins Integration. Changes to the REST message Get Plugins method record impact the requests made to Tenable.sc to retrieve plugins information.

    Parameter name Value Description
    type active Indicates the source Tenable pulls data from. Used by code. Changes aren’t recommended.
    fields id, description, cvssVector,cvssV3Vector, cvssV3TemporalVector, synopsis, cvssVector, baseScore,temporalScore, cvssV3Vector,cvssV3BaseScore, cvssV3TemporalScore, name, vprScore, vprContext, pluginPubDate, pluginModDate, xrefs, family, riskFactor, cpe, seeAlso, solution, exploitAvailable, exploitFrameworks, type, copyright, version, sourceFile, dependencies, requiredPorts, requiredUDPPorts, srcPort, dstPort,protocol, checkType, cvssVectorBF, stigSeverity, patchPubDate, patchModDate, vulnPubDate, modifiedTime, md5 Indicates the list of fields imported from Tenable.

    Tenable.sc Vulnerabilities REST message

    The Tenable.sc vulnerabilities REST message retrieves vulnerability information from the Tenable.sc Integration. Changes to the REST message Fetch Vulnerabilities or Fetch Patched Vulnerabilities method or, starting with v14.0 Vulnerability Response and v2.2 of the Tenable Vulnerability Integration, Fetch Backfill Vulnerabilities record impact the requests made to Tenable.sc to retrieve vulnerabilities information.

    Tenable.sc Scan Credentials REST message

    Tenable.sc Policy REST message
    The Tenable.sc policy POST REST message adds a policy for requested plugins. Generated policy is used in Tenable.sc scan requests.
    Tenable.sc Scan REST message
    The Tenable.sc scan POST REST message adds a scan that is dependent on the access and permission defined in the request body of the rest message. It uses policy, plugin id, and IP(s) in the request body for the scan request.
    Tenable.sc Scan Result REST message
    The Tenable.sc Scan Result GET REST message provides scan details of the scan generated using the Scan REST message. It uses the scanResultId in the response of the scan REST messages and retrieves scan details for the triggered scan.
    Tenable.sc Scan Credentials
    The Tenable.sc scan credentials REST message retrieves the credentials information from Tenable.sc. Changes to the REST message 'Import' method record impact the requests made to Tenable.sc to retrieve the credentials information.
    Parameter name Value Description
    fields id,name,description,type Indicates the list of fields imported from Tenable.sc
    filter usable Indicates that the integration pulls only usable credentials from Tenable.sc

    Changes to either of the parameters isn’t recommended.

    Tenable.cs GraphQl REST message: The Tenable.cs GraphQl REST message retrieves container asset information, host, and container vulnerability information for Tenable.cs Integration. Changes to the REST message Fetch Container Assets, Fetch Container Vulnerabilities, Fetch Compute Vulnerabilities method record impact the requests made to Tenable.cs to retrieve asset and vulnerabilities information.