Tenable.io
  • 19 Mar 2023
  • 5 Minutes to read
  • Dark
    Light
  • PDF

Tenable.io

  • Dark
    Light
  • PDF

Tenable.io automatically discovers and assesses a customer's environment for vulnerabilities, misconfigurations, and other cybersecurity issues.

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

Parameters

  1. Tenable.io Domain (required) - The hostname of the Tenable.io server. When fetching assets and vulnerabilites a different hard-coded domain is used (currently https://cloud.tenable.com).

  2. Access API Key and Secret API Key (required) - An API Key associated with a user account that has the Required Permissions to fetch assets.

  3. Tenable.io Tags Include list (optional, case sensitive) - Specify a comma-separated list of tag keys in Tenable.io.

    • If supplied, this adapter will only fetch devices from Tenable.io with any of the tag keys provided in this list.
    • If not supplied, this adapter will fetch all devices from Tenable.io.
  4. Verify SSL - Select to verify the SSL certificate offered by the value supplied in Tenable.io Domain. For more details, see SSL Trust & CA Settings.

  5. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Tenable.io Domain.

  6. For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Tenableio.png

Advanced Settings

Note:

From Version 4.6, Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Email domain include list (optional) - Enter a comma separated list of email domains from which only users with email addresses that are connected to this domain are fetched. When the field is empty, users with email addresses from any domain are fetched.

  2. Do not fetch devices with no last scan - Select whether to fetch devices without Last Seen date.

    • If enabled, all connections for this adapter will not fetch devices if they do not have a Last Seen indication.
    • If disabled, all connections for this adapter will fetch devices even if they do not have a Last Seen indication.
  3. Scan IDs include list (optional) - Specify a comma-separated list of scan IDs in Tenable.io.

    • If supplied, all connections for this adapter will only fetch devices from Tenable.io scans with the scan IDs provided in this list.
    • If not supplied, all connections for this adapter will fetch all devices from Tenable.io scans.
  4. Fetch agent data (required, default: true) - Select whether to fetch Tenable.io agent data on each device.

    • If enabled, all connections for this adapter will fetch Tenable.io agent data on each device.
    • If disabled, all connections for this adapter will not fetch Tenable.io agent data on each device.
  5. Fetch only agent data - Select whether to only fetch Tenable.io agent data on each device. If this is not selected, everything is fetched.

  6. Fetch scan exclusions - Select to fetch scan exclusion status for Tenable.io devices.

  7. Do not fetch devices with no MAC addresses and no hostname - Select to exclude fetching devices without a MAC address and without a hostname.

  8. Fetch fixed vulnerabilities - Select this option to also fetch vulnerabilities with the state ‘fixed’.

  9. Fetch only active vulnerabilities (required, default: true) - Select whether to fetch only vulnerabilities in Active or in New state. For details, see Tenable.io - Vulnerability States.

    • If enabled, all connections for this adapter will only fetch vulnerabilities in Active or in New state.
    • If disabled, all connections for this adapter will fetch vulnerabilities with any state: New, Active, Fixed or Resurfaced.
  10. Fetch vulnerabilities with severity equal or above this level (required, default: Info) - Select the minimum level of severity to fetch vulnerabilities.

  11. Do not fetch installed software - Select whether to not fetch installed software.

  12. Fetch vulnerabilities in the background - Select this option to fetch vulnerabilities for devices in the background, and not as part of a fetch. Note that vulnerabilities will be updated in the UI only after a regular fetch.

  13. Omit dashes from Agent UUID in agent data (optional) - When this option is selected and Fetch agent data is also selected, the dash character is removed from the value retrieved from the Agent UUID field of Tenable.io agent devices.
    Note: The Fetch agent data option must be selected for the Omit dashes... option to properly function.

  14. Do not populate fqdns as asset name - Select to not include fully qualified domain names (FQDNs) as asset names.

  15. Do not fetch vulnerabilities Select this option to not fetch any vulnerabilities option.

    Note:

    Once you select this option, any other Advanced vulnerabilities configuration options will be ignored.

  16. Use agent name as asset name - Select to use an agent name as an asset name.

  17. Fetch Windows services from Plugin ID 44401 - Select to fetch data from the Windows services plugin 44401 for each device.

  18. Fetch only assets updated at the last X days - Enter a value to fetch only assets updated in those number of days. The default value is empty in which case all assets are fetched (from the beginning of time) (entering 0 also fetches all assets).

  19. Compliance scans (optional) - Enter one or more comma-separated scan audit files to parse compliance data.

  20. Fetch installed software from Tenable plugins - Select installed software plugins from the drop-down list about which to fetch information.

  21. Fetch network details - Select this option to fetch information about the network to which the device is connected.

  22. Exclude disabled users (default: false)- Select this option to not fetch users that are disabled within Tenable.io. That is when this option is selected only users whose account_disabled is set to False or with no value will be fetched.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Required Permissions

The value supplied in Access API Key and Secret API Key must have read access to devices.

To generate an API key in the Tenable.io console, see Tenable.io - Generate an API Key.

The API Keys are created for a user account. This user account must have the Administrator user permissions because Axonius uses the Export Assets method, which requires Administrator user permissions as described in Tenable.io - Export Assets.

Note:

If you are creating multiple Tenable connections they cannot use the same user account. A separate user account must be created for each one. Refer to Retrieve Asset Data from Tenable.io Limitations.

Additionally, Administrator accounts may require provisioning of the 'Can View' & 'Can Scan' permissions.



What's Next
Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.