Tenable

About

The Tenable Vulnerability Management context integration provides enriched asset context to Netography Fusion from Tenable Vulnerability Management. It connects to the Tenable API to retrieve asset, vulnerability, and scanner information and then adds Context Labels to Netography Fusion.

☁️NetoFuse Modules: Cloud deployment vs. on-prem deployment

This page documents how to add and configure the context integration in the Netography Fusion Portal. This will make a direct connection from the Netography Fusion SaaS in the cloud to the vendor API. If you prefer to deploy the integration within your own environment (on-prem or in your own cloud) with a container or Python package, go to the module documentation in NetoFuse Modules.

Adding a Context Integration

In the Netography Fusion Portal:

  1. Select Settings at the bottom of the left-hand navigation menu

  2. Select Context Integrations in the Data Management section.

  3. Select the Add Integration button.

  4. Select a context integration from the list provided.

  5. Follow the configuration steps in the documentation for the context integration you selected.

Configuring

Field
Required
Description

API Key

Yes

Tenable API Key

API Secret

Yes

Tenable API Secret

Advanced Configuration Options

These advanced configuration options can be used to specify the data returned by the Tenable API.

Field
Description
Default Value

include_asset_data

If set to false, no asset data is retrieved, only the vulnerabilities.

False

filters

Filters to apply to asset and vulnerability API calls. More information on this object here: https://developer.tenable.com/reference/exports-assets-request-export. If another configuration option is already available for the specific filter you want to use, use that one instead of this field.

None

cidr_range

Corresponds to the cidr_range filter setting

None

severity

Comma-separated list of severities to include in vulnerability results. Note that anything less than high is likely to create many context labels that are of low value, which should be avoided.

high

networks

A comma-separated list of network names. If it is set, the only assets or vulnerabilities included are those in one of the specified networks.

None

tags

A tag to filter assets returned by. A tag has a category name and a value, so the value of this should be written as “category=value".

None

scanner_details

If set to true, retrieve the list of scanners (filtered by the networks and CIDR field above).

True

Tenable VM Configuration

Generate a Tenable API Key

Login to your Tenable account and generate an API key at: https://cloud.tenable.com/tio/app.html#/settings/my-account/api-keys

See Tenable documentation if this link has changed or you have any questions about this process: https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm

Transform

The Advanced section of the context integration contains the Transform field. This field allows you to add, remove, or change the mapping of fields returned by the vendor API to Netography Fusion context labels.

See the Context Transforms documentation section for more instructions on editing this field.

It may be helpful to first configure all the parameters and the transform field with a NetoFuse container on your local system and then copy those fields into the Portal once you have validated that everything is configured properly.

PreviousTaniumNextWiz

Last updated