Tenable Security Center
Tenable CLI
This CLI is able to sync assets from Tenable Security Center queries and perform basic trending of vulnerability severity by asset.
query_vuln
- queries the Tenable Security Center instance for vulnerability scans and syncs assets to RegScaletrend_vuln
- performs basic trending using matplotlib and persisted data from Tenable vulnerability scansexport_scans
- exports a list of scans from the Tenable instance and saves to a filelist_tags
- queries a list of tags on the server and prints to the consolesave_queries
- gets a list of query definitions
init.yaml Configuration
There are multiple pieces of information needed to configure the Tenable integration via the CLI:
tenableAccessKey
- Tenable access keytenableSecretKey
- Tenable secret keytenableUrl
- base URL for the Tenable API. Example: https://sc.tenalab.onlineissues: {tenable: {critical: 3, high: 5, moderate: 30, status: Draft}}
- number of days to add to today's date when setting due dates to RegScale issues based on Tenable severity index and the status to use for a new RegScale issue.
Tenable Setup Workfow
- Get the Tenable URL and paste it into the
tenable_url
field ininit.yaml
. - Create a service account within Tenable and add your access key and secret key to the corresponding fields in
init.yaml
. Once this is complete, the Tenable integrations are ready to use with the RegScale CLI. See Tenable Instructions.
Vulnerability Processing Workflow
The CLI currently supports processing Tenable vulnerabilities to RegScale issues. The issue processing workflow is shown below:
- The user first logs into RegScale via the CLI to set the access token or otherwise creates a service account as described in the CLI Login documentation
- The user then calls the CLI to fetch Tenable vulnerabilities and if desired, save RegScale issues while setting the following flags:
query_vuln
- The primary function of this integration, query Tenable vulnerabilities and create/update any related assets to RegScale.query_id
- the ID # of the Tenable query used to fetch the vulnerabilities. This is to be set up using the Tenable platform.regscale_ssp_id
- the RegScale security plan to be associated with these vulnerabilitiescreate_issue_from_recommendation
- a boolean flag to set if the CLI user would like to map these vulnerabilities into RegScale issues. Newly created issues will be set toDraft
status in RegScale.
- The
query_vuln
method of the CLI then retrieves all vulnerabilities from Tenable and saves to a local file calledvulnerabilities.pkl
and will create RegScale issues if desired. trend_vuln
- trend vulnerabilities using data from the already savedvulnerabilities.pkl
file. This file will persist for useful trends.-p
- the PluginID # of the Tenable vulnerability-d
- a filter for the DNS name of the vulnerable asset
- Trending of persisted vulnerability data on the client.
list_tags
- a simple list of Tenable tagssave_queries
- a list of query definitionsfile_path
- file path of CSV to save
export_scans
- an export of all Tenable scans available to the userFILE_NAME
- file path of CSV to save
The CLI provides detailed logging throughout the process to indicate progress and to provide troubleshooting in case of issues.
Example Commands
Query Tenable using a defined query on the Tenable platform and relate it to an existing RegScale SSP. If any vulnerabilities are found, issues will be created in RegScale.
regscale tenable query_vuln --query_id 37009 --regscale_ssp_id 2 --create_issue_from_recommendation 1
regscale tenable trend_vuln -p 10107 -d '_gateway.lxd'
init.yaml Example
For a basic Tenable integration with RegScale, the following init.yaml
structure is necessary (example/notional key structure shown below, replace with actual customer keys):
domain: https://mycompany.regscale.com
token: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVC40.eyJzdWIiOiJob3dpZWF2cCIsImp0aSI6ImI0NDIxMjRhLTYxOWEtNGI1Mi1hMzUzLTA5YzdjZTRmM2JmOCIsImlhdCI6MTY0NDc4NzY4MiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvbmFtZWlkZW50aWZpZXIiOiJjOWY1NzllMi1hOGM4LTRjMDItOGU5MS1jZTEyMmExYWE1MTciLCJodHRwOi8vcg2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiaG93aWVhdnAiLCJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dzLzIwMDgvMDYvaWRlbnRpdHkvY2xhaW1zL3JvbGUiOiJBZG1pbmlzdHJhdG9yIiwibmJmIjoxNjQ0Nzg3NjgyLCJleHAiOjE2NDQ4NzQwODIsImlzcyI6IkF0bGFzIiwiYXVkIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwLyJ9.SkjmRktGLkljysVeoRqcx_hHiVR2gjcA2uZiSJbVkPc
tenableAccessKey: d51040e5a9d783cfa5156797
tenableSecretKey: 5f27609ff92a42a5a77a880d9a989e84
tenableUrl: https://sc.tenalab.online
issues:
tenable:
critical: 3
high: 5
moderate: 30
status: Draft
Building a Bash Script to Execute the CLI
You can chain together RegScale CLI commands using scripts. These scripts could be in Bash, Python, PowerShell, etc. Below is an example Bash file (named "regscaleScheduler.sh") in Ubuntu for executing the Tenable CLI that pulls all issues and inventory after authenticating and assigns them to a specific Security Plan in RegScale:
#!/bin/sh
# Save assets from Tenable Query #37009 and relate to RegScale SSP #2
regscale tenable query_vuln --query_id 37009 --regscale_ssp_id 2 --create_issue_from_recommendation 1
To execute the Bash file, run this command: /path/to/folder/regscaleScheduler.sh
. You can chain together any arbitrary set of CLI commands to have them execute sequentially.
Updated 11 months ago