Tenable Security Center

Tenable CLI

This CLI is able to sync assets from Tenable Security Center queries and perform basic trending of vulnerability severity by asset.

  • query_vuln - queries the Tenable Security Center instance for vulnerability scans and syncs assets to RegScale
  • trend_vuln - performs basic trending using matplotlib and persisted data from Tenable vulnerability scans
  • export_scans - exports a list of scans from the Tenable instance and saves to a file
  • list_tags - queries a list of tags on the server and prints to the console
  • save_queries - gets a list of query definitions

init.yaml Configuration

There are multiple pieces of information needed to configure the Tenable integration via the CLI:

  • tenableAccessKey - Tenable access key
  • tenableSecretKey - Tenable secret key
  • tenableUrl - base URL for the Tenable API. Example: https://sc.tenalab.online
  • issues: {tenable: {critical: 3, high: 5, moderate: 30, status: Draft}} - for each Tenable severity, the number of days to add to today's date when setting the due date of a RegScale issue, plus the status to use for a new RegScale issue.
  • tenableGroupByPlugin - the switch that enables grouping CVEs by Tenable plugin; defaults to false
  • tenableMinimumSeverityFilter - the minimum severity of vulnerabilities to pull; defaults to low, which pulls every vulnerability from low to critical

Tenable Setup Workflow

  1. Get the Tenable URL and paste it into the tenableUrl field in init.yaml.
  2. Create a service account within Tenable and add your access key and secret key to the corresponding fields in init.yaml. Once this is complete, the Tenable integrations are ready to use with the RegScale CLI. See Tenable Instructions.

Vulnerability Processing Workflow

The CLI currently supports processing Tenable vulnerabilities to RegScale issues. The issue processing workflow is shown below:

  • The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation
  • The user then calls the CLI to fetch Tenable vulnerabilities and, if desired, save RegScale issues, using the following commands and flags:
    • query_vuln - the primary function of this integration: queries Tenable vulnerabilities and creates or updates any related assets in RegScale.
      • query_id - the ID # of the Tenable query used to fetch the vulnerabilities. This is to be set up using the Tenable platform.
      • regscale_ssp_id - the RegScale security plan to be associated with these vulnerabilities
      • create_issue_from_recommendation - a boolean flag to set if the CLI user would like to map these vulnerabilities into RegScale issues. Newly created issues will be set to Draft status in RegScale.
    • The query_vuln method of the CLI then retrieves all vulnerabilities from Tenable, saves them to a local file called vulnerabilities.pkl, and creates RegScale issues if desired.
    • trend_vuln - trends vulnerabilities using data from the already saved vulnerabilities.pkl file. This file persists between runs so that trends can be built over time.
      • -p - the PluginID # of the Tenable vulnerability
      • -d - a filter for the DNS name of the vulnerable asset
    • Trending of persisted vulnerability data on the client.
    • list_tags - a simple list of Tenable tags
    • save_queries - a list of query definitions
      • file_path - file path of CSV to save
    • export_scans - an export of all Tenable scans available to the user
      • FILE_NAME - file path of CSV to save

The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.

Example Commands

Query Tenable using a defined query on the Tenable platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.

  • regscale tenable sc query_vuln --query_id 37009 --regscale_ssp_id 2 --create_issue_from_recommendation 1
  • regscale tenable sc trend_vuln -p 10107 -d '_gateway.lxd'

init.yaml Example

For a basic Tenable integration with RegScale, the following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):

domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC40...SkjmRktGLkljysVeoRqcx_hHiVR2gjcA2uZiSJbVkPc
tenableAccessKey: d51040e5a9d783cfa5156797
tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84
tenableUrl: https://sc.tenalab.online
tenableGroupByPlugin: true
issues:
  tenable:
    critical: 3
    high: 5
    moderate: 30
    status: Draft

Building a Bash Script to Execute the CLI

You can chain together RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named "regscaleScheduler.sh") in Ubuntu for executing the Tenable CLI that pulls all issues and inventory after authenticating and assigns them to a specific Security Plan in RegScale:

#!/bin/sh

# Save assets from Tenable Query #37009 and relate to RegScale SSP #2
regscale tenable sc query_vuln --query_id 37009 --regscale_ssp_id 2 --create_issue_from_recommendation 1

To execute the Bash file, run this command: /path/to/folder/regscaleScheduler.sh. You can chain together any arbitrary set of CLI commands to have them execute sequentially.
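
Because init.yaml holds the RegScale token and the Tenable access and secret keys in plain text, a scheduled script can verify the file before using it. The preflight function below is an added example, not part of the RegScale CLI or its documentation; the name check_init_yaml and its messages are assumptions, and it assumes the flat "key: value" layout of the init.yaml example above.

```shell
#!/bin/sh
# Added example: preflight check for init.yaml before a scheduled RegScale run.
# Assumptions (not from the RegScale docs): the function name, the messages,
# and that the credential keys sit at the top level as "key: value" lines.

check_init_yaml() {
    cfg=$1
    rc=0

    [ -f "$cfg" ] || { echo "FAIL: $cfg not found" >&2; return 1; }

    # The file holds the RegScale token and the Tenable secret key, so no
    # group/other permission bits may be set (characters 5-10 of ls -l).
    perms=$(ls -ld "$cfg" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $cfg is accessible to group/other ($perms); use chmod 600" >&2
        rc=1
    fi

    # Every Tenable setting the CLI needs must be present and non-empty.
    for key in tenableAccessKey tenableSecretKey tenableUrl; do
        val=$(sed -n "s/^$key:[[:space:]]*//p" "$cfg" | head -n 1)
        if [ -z "$val" ]; then
            echo "FAIL: $key is missing or empty" >&2
            rc=1
        fi
    done

    # The API keys are sent to tenableUrl, so require TLS.
    url=$(sed -n 's/^tenableUrl:[[:space:]]*//p' "$cfg" | head -n 1)
    case $url in
        https://?*) ;;
        *) echo "FAIL: tenableUrl must start with https://" >&2; rc=1 ;;
    esac

    return "$rc"
}

# Usage in regscaleScheduler.sh, before the first regscale command:
#   check_init_yaml ./init.yaml || exit 1
```

The function reports every problem it finds on stderr and returns non-zero if any check failed, so the scheduler stops before the credentials are used.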


NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs