
Tenable Vulnerability Management (Formerly Tenable IO)

This CLI can sync assets, scans and vulnerabilities from the Tenable IO API.

  • cancel_job - Cancel a Tenable IO Job.
  • list_jobs - Retrieve a list of jobs from Tenable.IO.
  • sync_assets - Query Tenable Assets and sync to RegScale.
  • sync_vulns - Query Tenable vulnerabilities and sync to RegScale.
  • sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.

init.yaml Configuration

There are multiple pieces of information needed to configure the Tenable integration via the CLI:

  • tenableAccessKey - Tenable access key
  • tenableSecretKey - Tenable secret key
  • tenableMinimumSeverityFilter - The minimum level of severity of vulnerability to sync to RegScale. (The default is low)
  • tenableUrl - base URL for the Tenable IO API. Example: https://cloud.tenable.com
  • issues: {tenable: {critical: 3, high: 5, moderate: 30, status: Draft}} - number of days to add to today's date when setting due dates to RegScale issues based on Tenable severity index and the status to use for a new RegScale issue.
  • tenableGroupByPlugin - The switch to enable grouping CVEs by Tenable plugin; defaults to false.

Tenable Setup Workflow

  1. Get the Tenable URL and paste it into the tenableUrl field in init.yaml.
  2. Create a service account within Tenable and add your access key and secret key to the corresponding fields in init.yaml. Once this is complete, the Tenable integrations are ready to use with the RegScale CLI. See Tenable IO Instructions.

Asset Processing Workflow

The CLI currently supports processing Tenable assets to RegScale assets. The workflow is shown below:

  • The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation
  • The user then calls the CLI to fetch Tenable assets and sync with RegScale:
    • sync_assets - The primary function of this integration: queries Tenable assets and creates/updates any related assets in RegScale.

Vulnerability Processing Workflow

The CLI currently supports processing Tenable vulnerabilities to RegScale issues. The issue processing workflow is shown below:

  • sync_vulns - Sync Tenable IO vulnerabilities and scans to RegScale vulnerabilities and scan history.
  • Both sync_assets and sync_vulns take a single required parameter, --regscale_ssp_id, representing the RegScale SSP ID number.
  • The sync_vulns function will also take an optional parameter to create issues from Tenable recommendations.

    NOTE: If you have a stuck Tenable IO job, you can use the list_jobs and cancel_job functionality to find and cancel a given job.

Compliance Control Workflow

The CLI now supports processing Tenable compliance data to RegScale security plans.

  • sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.

Required parameters

  • ssp_id - The ID number from RegScale of the System Security Plan, required.
  • catalog_id - The ID number from RegScale Catalog that the System Security Plan's controls belong to, required.
  • framework - The framework to use from the Tenable.io frameworks; it MUST be the same as the RegScale Catalog of controls, required.

The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.

Example Commands

Query Tenable using a defined query on the Tenable platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.

  • regscale tenable io sync_compliance_controls --ssp_id 14 --catalog_id 4 --framework 800-53
  • regscale tenable io sync_assets --regscale_ssp_id 14
  • regscale tenable io sync_vulns --regscale_ssp_id 14

init.yaml Example

For a basic Tenable integration with RegScale, the following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):

domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC40.eyJzdWIiOiJob3dpZWF2cCIsImp0aSI6ImI0NDIxMjRhLTYxOWEtNGI1Mi1hMzUzLTA5YzdjZTRmM2JmOCIsImlhdCI6MTY0NDc4NzY4MiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZWlkZW50aWZpZXIiOiJjOWY1NzllMi1hOGM4LTRjMDItOGU5MS1jZTEyMmExYWE1MTciLCJodHRwOi8vcg2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiaG93aWVhdnAiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJBZG1pbmlzdHJhdG9yIiwibmJmIjoxNjQ0Nzg3NjgyLCJleHAiOjE2NDQ4NzQwODIsImlzcyI6IkF0bGFzIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwLyJ9.SkjmRktGLkljysVeoRqcx_hHiVR2gjcA2uZiSJbVkPc
tenableMinimumSeverityFilter: low
tenableAccessKey: d51040e5a9d783cfa5156797
tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84
tenableUrl: https://cloud.tenable.com

issues:
  tenable:
    critical: 3
    high: 5
    moderate: 30
    status: Draft
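
A preflight check for the init.yaml shown above, as an added example that is not part of the RegScale CLI or its documentation. The function names (yaml_get, check_init_yaml, write_sample) and the rules enforced (owner-only file permissions, no leftover documentation keys, an https tenableUrl) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Preflight check for a RegScale CLI init.yaml before running a Tenable sync.
# Prints one line per finding; the return code is the number of findings.

yaml_get() {  # yaml_get FILE KEY: value of a top-level "KEY: value" scalar
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 | sed "s/[[:space:]]*\$//"
}

check_init_yaml() {
    file=$1; findings=0
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # The file holds tenableAccessKey, tenableSecretKey and the RegScale token,
    # so the group and other permission bits should all be clear.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: $file is accessible beyond its owner (chmod 600)"
        findings=$((findings + 1))
    fi
    for key in tenableAccessKey tenableSecretKey tenableUrl; do
        if [ -z "$(yaml_get "$file" "$key")" ]; then
            echo "missing: $key is not set"
            findings=$((findings + 1))
        fi
    done
    # The notional keys from the documentation example must have been replaced.
    for example in d51040e5a9d783cfa5156797 5f27609ff92a42a5a77a880d9a989e84; do
        if grep -qF "$example" "$file"; then
            echo "placeholder: documentation example key is still present"
            findings=$((findings + 1))
        fi
    done
    # The API keys are sent to tenableUrl, so it should use TLS.
    url=$(yaml_get "$file" tenableUrl)
    case $url in
        https://*|"") ;;
        *) echo "transport: tenableUrl is not https ($url)"; findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed sample: the documentation's notional keys, an http URL, mode 644.
write_sample() {
    printf '%s\n' 'tenableAccessKey: d51040e5a9d783cfa5156797' \
        'tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84' \
        'tenableUrl: http://cloud.tenable.com' > "$1"
    chmod 644 "$1"
}

if [ "$#" -gt 0 ]; then check_init_yaml "$1"; fi
```

Run it as `sh preflight.sh init.yaml` before the sync commands; a non-zero exit status means at least one finding was printed.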

Considerations

In large-scale environments where Tenable may have thousands of assets, it is recommended to run the RegScale-CLI on a system with 32 GB of RAM.


NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs