Tenable Vulnerability Management (Formerly Tenable IO)
This CLI can sync assets, scans and vulnerabilities from the Tenable IO API.
cancel_job - Cancel a Tenable IO Job.
list_jobs - Retrieve a list of jobs from Tenable.IO.
sync_assets - Query Tenable Assets and sync to RegScale.
sync_vulns - Query Tenable Vulnerabilities and sync to RegScale.
sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.
init.yaml Configuration
There are multiple pieces of information needed to configure the Tenable integration via the CLI:
tenableAccessKey - Tenable access key
tenableSecretKey - Tenable secret key
tenableMinimumSeverityFilter - The minimum level of severity of vulnerability to sync to RegScale. (The default is low)
tenableUrl - Base URL for the Tenable IO API. Example: https://cloud.tenable.com
issues: {tenable: {critical: 3, high: 5, moderate: 30, status: Draft}} - Number of days to add to today's date when setting due dates on RegScale issues based on Tenable severity index, and the status to use for a new RegScale issue.
tenableGroupByPlugin - The switch to enable grouping CVEs by Tenable Plugin, defaults to false
Tenable Setup Workflow
- Get the Tenable URL and paste it into the tenableUrl field in init.yaml.
- Create a service account within Tenable and add your access key and secret key to the corresponding fields in init.yaml.
Once this is complete, the Tenable integrations are ready to use with the RegScale CLI. See Tenable IO Instructions.
Vulnerability Processing Workflow
The CLI provides functionality for processing Tenable vulnerabilities into RegScale issues through two main commands:
Commands
Asset Processing Workflow
sync_assets
Synchronizes Tenable IO assets with RegScale assets.
Vulnerability Processing Workflow
sync_vulns
Synchronizes Tenable IO vulnerabilities and scans with RegScale vulnerabilities and scan history.
Both commands take the following parameters:
Required Parameters
--regscale_ssp_id: The RegScale SSP identifier number
Optional Parameters
--tags: Filter vulnerabilities by one or more tags
- Format: "key:value" or multiple tags as "key1:value1,key2:value2"
- Example: "Region:Chicago" or "Region:Chicago,Host:Acme Brick"
Handling Stuck Jobs
If a Tenable IO job becomes unresponsive:
- Use list_jobs to identify the stuck job
- Execute cancel_job with the job identifier to terminate it
NOTE: If you have a stuck Tenable IO job, you can use the list_jobs and cancel_job functionality to find and cancel a given job.
Compliance Control workflow
The CLI now supports processing Tenable compliance data to RegScale security plans.
sync_compliance_controls - Sync the compliance data from Tenable.io to create control implementations for controls in frameworks.
Required parameters
regscale_ssp_id - The ID number from RegScale of the System Security Plan, required.
catalog_id - The ID number from RegScale Catalog that the System Security Plan's controls belong to, required.
framework - The framework to use from the Tenable.io frameworks. It MUST be the same as the RegScale Catalog of controls, required.
The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
Usage Examples
# Basic sync with SSP ID
regscale tenable io sync_assets --regscale_ssp_id 3
regscale tenable io sync_vulns --regscale_ssp_id 3
# Sync with tag filtering
regscale tenable io sync_assets --regscale_ssp_id 3 --tags "Region:Chicago"
regscale tenable io sync_vulns --regscale_ssp_id 3 --tags "Region:Chicago"
# Sync compliance controls
regscale tenable io sync_compliance_controls --regscale_ssp_id 14 --catalog_id 4 --framework 800-53
init.yaml Example
For a basic Tenable integration with RegScale, the following init.yaml
structure is necessary (example/notional key structure shown below, replace with actual customer keys):
domain: https://mycompany.regscale.com
token: Bearer <your RegScale API token>
tenableMinimumSeverityFilter: low
tenableAccessKey: d51040e5a9d783cfa5156797
tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84
tenableUrl: https://cloud.tenable.com
issues:
  tenable:
    critical: 3
    high: 5
    moderate: 30
    status: Draft
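A pre-flight check for the Tenable settings above, as an added example that is not RegScale's own code: it validates an already parsed init.yaml mapping, computes an issue due date from the configured severity offsets, and splits a --tags value. The function names, the https requirement and the non-negative-day rule are assumptions made for this example; the CLI's own checks may differ.

```python
from datetime import date, timedelta
from urllib.parse import urlparse

REQUIRED = ("tenableAccessKey", "tenableSecretKey", "tenableUrl")  # keys named on this page
SEVERITIES = ("critical", "high", "moderate")  # day offsets under issues.tenable


def check_tenable_config(cfg):
    """Return a list of problems found in a parsed init.yaml mapping."""
    problems = [f"missing or empty: {k}" for k in REQUIRED if not cfg.get(k)]
    url = urlparse(str(cfg.get("tenableUrl", "")))
    # Assumption: the API base URL should always be https, as in the page's example.
    if cfg.get("tenableUrl") and (url.scheme != "https" or not url.netloc):
        problems.append("tenableUrl must be an https:// base URL")
    tenable = (cfg.get("issues") or {}).get("tenable") or {}
    for sev in SEVERITIES:
        days = tenable.get(sev)
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(days, bool) or not isinstance(days, int) or days < 0:
            problems.append(f"issues.tenable.{sev} must be a non-negative integer")
    if not tenable.get("status"):
        problems.append("issues.tenable.status is not set")
    return problems


def issue_due_date(cfg, severity, today):
    """Due date = today + the configured number of days for that severity."""
    return today + timedelta(days=cfg["issues"]["tenable"][severity])


def parse_tags(value):
    """Split a --tags value such as "Region:Chicago,Host:Acme Brick" into pairs."""
    pairs = []
    for item in value.split(","):
        key, sep, val = item.partition(":")
        if not sep or not key.strip() or not val.strip():
            raise ValueError(f"tag is not key:value: {item!r}")
        pairs.append((key.strip(), val.strip()))
    return pairs


# Constructed sample mirroring the notional init.yaml on this page (placeholder keys).
SAMPLE = {
    "tenableAccessKey": "EXAMPLE-ACCESS-KEY",
    "tenableSecretKey": "EXAMPLE-SECRET-KEY",
    "tenableUrl": "https://cloud.tenable.com",
    "issues": {"tenable": {"critical": 3, "high": 5, "moderate": 30, "status": "Draft"}},
}

if __name__ == "__main__":
    print(check_tenable_config(SAMPLE) or "config looks consistent")
```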
Considerations
In large-scale environments where Tenable may have thousands of assets, it is recommended to run the RegScale-CLI on a system with 32 GB of RAM.
NOTE: See All Scanner Integrations for information about how this updates Issues/POAMs