Tenable
About
The Tenable Vulnerability Management NetoFuse module provides enriched asset context to Netography Fusion from Tenable Vulnerability Management. It connects to the Tenable API to retrieve asset, vulnerability, and scanner information and then uploads it as Context Labels to the Netography Fusion API.
NetoFuse Modules: Cloud deployment vs. On-Prem deployment
This page documents how to add and configure the NetoFuse module for an on-prem deployment with a container or Python package. If you want to use the cloud deployment model and have this integration run in the Netography Fusion SaaS, you can add it as a context integration in the Netography Fusion Portal instead by consulting the Context Integrations documentation.
API Configuration Parameters
All the fields required for this integration are listed here, along with the corresponding environment variable name used to set that field in the NetoFuse module.
| Tenable Field | Required | NetoFuse Environment Variable | Description |
|---|---|---|---|
| API Key | Yes | NETO__TENABLE__CREDENTIALS__ACCESS_KEY | Tenable API Key |
| API Secret | Yes | NETO__TENABLE__CREDENTIALS__SECRET | Tenable API Secret |
Tenable VM Configuration
Generate a Tenable API Key
Login to your Tenable account and generate an API key at:
https://cloud.tenable.com/tio/app.html#/settings/my-account/api-keys
See Tenable documentation if this link has changed or you have any questions about this process: https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm
tenablevm NetoFuse Module Configuration
tenablevm NetoFuse Module ConfigurationAll the fields required for this integration are listed above in the API Configuration Parameters section above. See Configure > module for additional options for setting configuration fields and Credential Storage for additional options for setting credentials.
Advanced Configuration Options
The following configuration options are available for the module.
| Configuration Option | Description | Default Value |
|---|---|---|
include_asset_data | If set to false, no asset data is retrieved, only the vulnerabilities. | False |
filters | Filters to apply to asset and vulnerability API calls. More information on this object here: https://developer.tenable.com/reference/exports-assets-request-export. If another configuration option is already available for the specific filter you want to use, use that one instead of this field. | None |
cidr_range | Corresponds to the cidr_range filter setting | None |
severity | Comma-separated list of severities to include in vulnerability results. Note that anything less than high is likely to create many context labels that are of low value, which should be avoided. | high |
networks | A comma-separated list of network names. If it is set, the only assets or vulnerabilities included are those in one of the specified networks. | None |
tags | A tag to filter assets returned by. A tag has a category name and a value, so the value of this should be written as “category=value". | None |
scanner_details | If set to true, retrieve the list of scanners (filtered by the networks and CIDR field above). | True |
Default tenablevm Module Configuration
tenablevm Module Configuration tenablevm:
include_asset_data: true
scanner_details: true
cidr_range: # 10.0.11.0/24
networks: # Default
tags: # testing=Test 1
filters:
credentials:
access_key:
secret:
transform:
ipv4s:
context: ip
ipv6s:
context: ip
plugin.cve:
context: cve
plugin.cvss3_base_score:
context: cvss_score
severity:
context: cvss_rating
asset.operating_system:
context: os
function:
function: transform_os
# Scanner Transform
ip_addresses:
context: ip
scanner_name:
context: scanner_name
scanner_product:
context: scanner_product
scanner_allowed:
context: scanner_allowed
Updated about 2 months ago