Tenable Vulnerability Management (Formerly Tenable IO)
This CLI is able to sync assets, scans and vulnerabilities from the Tenable IO API.
- cancel_job - Cancel a Tenable IO Job.
- list_jobs - Retrieve a list of jobs from Tenable.IO.
- sync_assets - Query Tenable Assets and sync to RegScale.
- sync_vulns - Query Tenable Vulnerabilities and sync to RegScale.
- sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.
init.yaml Configuration
There are multiple pieces of information needed to configure the Tenable integration via the CLI:
- tenableAccessKey - Tenable access key
- tenableSecretKey - Tenable secret key
- tenableMinimumSeverityFilter - The minimum level of severity of vulnerability to sync to RegScale. (The default is low)
- tenableUrl - Base URL for the Tenable IO API. Example: https://cloud.tenable.com
- issues: {tenable: {critical: 3, high: 5, moderate: 30, status: Draft}} - Number of days to add to today's date when setting due dates to RegScale issues based on Tenable severity index and the status to use for a new RegScale issue.
Tenable Setup Workflow
- Get the Tenable URL and paste it into the tenableUrl field in init.yaml.
- Create a service account within Tenable and add your access key and secret key to the corresponding fields in init.yaml.
Once this is complete, the Tenable integrations are ready to use with the RegScale CLI. See Tenable IO Instructions.
Asset Processing Workflow
The CLI currently supports processing Tenable assets to RegScale assets. The workflow is shown below:
- The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation.
- The user then calls the CLI to fetch Tenable assets and sync with RegScale:
  - sync_assets - The primary function of this integration: query Tenable assets and create/update any related assets in RegScale.
Vulnerability Processing Workflow
The CLI currently supports processing Tenable vulnerabilities to RegScale issues. The issue processing workflow is shown below:
- sync_vulns - Sync Tenable IO vulnerabilities and scans to RegScale vulnerabilities and scan history.
- Both functions take a single required parameter, --regscale_ssp_id, representing the RegScale SSP id #.
- The sync_vulns function will also take an optional parameter to create issues from Tenable recommendations.
NOTE: If you have a stuck Tenable IO job, you can use the list_jobs and cancel_job functionality to find and cancel a given job.
Compliance Control workflow
The CLI now supports processing Tenable compliance data to RegScale security plans.
- sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.
Required parameters
- ssp_id - The ID number from RegScale of the System Security Plan, required.
- catalog_id - The ID number from RegScale Catalog that the System Security Plan's controls belong to, required.
- framework - The framework to use from Tenable.io frameworks; it MUST be the same as the RegScale Catalog of controls, required.
The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
Example Commands
Query Tenable using a defined query on the Tenable platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.
regscale tenable io sync_compliance_controls --ssp_id 14 --catalog_id 4 --framework 800-53
regscale tenable io sync_assets --regscale_ssp_id 14
regscale tenable io sync_vulns --regscale_ssp_id 14
init.yaml Example
For a basic Tenable integration with RegScale, the following init.yaml structure is necessary (example/notional key structure shown below, replace with actual customer keys):
domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC40.<payload>.SkjmRktGLkljysVeoRqcx_hHiVR2gjcA2uZiSJbVkPc
tenableMinimumSeverityFilter: low
tenableAccessKey: d51040e5a9d783cfa5156797
tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84
tenableUrl: https://cloud.tenable.com
issues:
  tenable:
    critical: 3
    high: 5
    moderate: 30
    status: Draft
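The init.yaml above keeps the Tenable access key, secret key and RegScale token in plain text, so it is worth checking the file before each sync. The shell preflight below is an added example, not part of the RegScale CLI or its documentation; the function names (has_key, is_private, preflight, run_syncs), the chmod 600 policy and the https-only check on tenableUrl are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for init.yaml before running the Tenable syncs.
# Assumption: init.yaml uses the top-level keys shown on this page.

# Succeeds if KEY appears at top level with a non-empty value.
has_key() {  # usage: has_key FILE KEY
    grep -Eq "^$2:[[:space:]]*[^[:space:]#]" "$1"
}

# Succeeds if FILE grants no permissions to group or other
# (characters 5-10 of the ls mode string, e.g. -rw-------).
is_private() {  # usage: is_private FILE
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints one line per problem found; returns non-zero if there was any.
preflight() {  # usage: preflight FILE
    file=$1
    rc=0
    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi
    if ! is_private "$file"; then
        echo "permissions: $file holds API keys; run chmod 600 $file"
        rc=1
    fi
    for key in tenableAccessKey tenableSecretKey tenableUrl; do
        if ! has_key "$file" "$key"; then
            echo "config: $key is missing or empty"
            rc=1
        fi
    done
    # Policy of this example: keys must only be sent over TLS.
    if ! grep -Eq '^tenableUrl:[[:space:]]*https://' "$file"; then
        echo "config: tenableUrl must be an https:// URL"
        rc=1
    fi
    return $rc
}

# Runs the asset and vulnerability syncs from this page only if the file passes.
run_syncs() {  # usage: run_syncs FILE SSP_ID
    preflight "$1" || return 1
    regscale tenable io sync_assets --regscale_ssp_id "$2" &&
        regscale tenable io sync_vulns --regscale_ssp_id "$2"
}
```

Call it as `run_syncs init.yaml 14` from the directory that holds init.yaml.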
Considerations
In large-scale environments where Tenable may have thousands of assets, it is recommended to run the RegScale-CLI on a system with 32 GB of RAM.