Tenable
About
The Tenable Vulnerability Management context integration provides enriched asset context to Netography Fusion from Tenable Vulnerability Management. It connects to the Tenable API to retrieve asset, vulnerability, and scanner information and then adds Context Labels to Netography Fusion.
NetoFuse Modules: Cloud deployment vs. on-prem deployment
This page documents how to add and configure the context integration in the Netography Fusion Portal. This will make a direct connection from the Netography Fusion SaaS in the cloud to the vendor API. If you prefer to deploy the integration within your own environment (on-prem or in your own cloud) with a container or Python package, go to the module documentation in NetoFuse Modules.
Adding a Context Integration
In the Netography Fusion Portal:
- Select Settings at the bottom of the left-hand navigation menu
- Select Context Integrations in the Data Management section.
- Select the Add Integration button.
- Select a context integration from the list provided.
- Follow the configuration steps in the documentation for the context integration you selected.
Configuring
Field | Required | Description |
---|---|---|
API Key | Yes | Tenable API Key |
API Secret | Yes | Tenable API Secret |
Advanced Configuration Options
These advanced configuration options can be used to specify the data returned by the Tenable API.
Field | Description | Default Value |
---|---|---|
include_asset_data | If set to false, no asset data is retrieved, only the vulnerabilities. | False |
filters | Filters to apply to asset and vulnerability API calls. More information on this object here: https://developer.tenable.com/reference/exports-assets-request-export. If another configuration option is already available for the specific filter you want to use, use that one instead of this field. | None |
cidr_range | Corresponds to the cidr_range filter setting | None |
severity | Comma-separated list of severities to include in vulnerability results. Note that anything less than high is likely to create many context labels that are of low value, which should be avoided. | high |
networks | A comma-separated list of network names. If it is set, the only assets or vulnerabilities included are those in one of the specified networks. | None |
tags | A tag to filter assets returned by. A tag has a category name and a value, so the value of this should be written as “category=value" . | None |
scanner_details | If set to true, retrieve the list of scanners (filtered by the networks and CIDR field above). | True |
Tenable VM Configuration
Generate a Tenable API Key
Login to your Tenable account and generate an API key at:
https://cloud.tenable.com/tio/app.html#/settings/my-account/api-keys
See Tenable documentation if this link has changed or you have any questions about this process: https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm
Transform
The Advanced section of the context integration contains the Transform field. This field allows you to add, remove, or change the mapping of fields returned by the vendor API to Netography Fusion context labels.
See the Context Transforms documentation section for more instructions on editing this field.
It may be helpful to first configure all the parameters and the transform field with a NetoFuse container on your local system and then copy those fields into the Portal once you have validated that everything is configured properly.
Updated 7 months ago