Login
    Contents x
    Tenable.sc (SecurityCenter)
    • 07 Sep 2023
    • 9 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Tenable.sc (SecurityCenter)

    • Updated on 07 Sep 2023
    • 9 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Tenable.sc (formerly SecurityCenter) consolidates and evaluates vulnerability data, prioritizing security risks.

    Related Enforcement Actions

    Parameters

    The Tenable.sc Adapter connection requires the following parameters:

    1. URL (required) - The URL of the Tenable.sc management server. (e.g., https://tenable-sc.company.com)

    2. User Name and Password (optional, default: empty) - The credentials for a user account that has the Required Permissions to fetch assets.

      Note:

      These fields are required if the following are not supplied:

      • Access Key and Secret Key
      • Session Token and Session Key

    3. Access Key and Secret Key (optional) - The API key-secret pair associated to a user account that has the Required Permissions to fetch assets.

      Note:

      These fields are required if the following are not supplied:

      • User Name and Password
      • Session Token and Session Key

    4. Session Token and Session Cookie (optional) - A session cookie associated with the supplied username.

      Note:

      These fields are required if the following are not supplied:

      • User Name and Password
      • Access Key and Secret Key

    5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

    6. API Optional Prefix - Optional API prefix

    7. HTTPS Proxy (optional) - Connect the adapter to a proxy instead of directly connecting it to the domain.

    8. HTTPS Proxy User Name (optional) - The user name to use when connecting to the URL of the Tenable.sc management server via the value supplied in HTTPS Proxy.

    9. HTTPS Proxy Password (optional) - The password to use when connecting to the URL of the Tenable.sc management server via the value supplied in HTTPS Proxy.

    10. Enable Client Side Certificate - Select to enable Axonius to send requests using the certificates uploaded to allow Mutual TLS configuration for this adapter.

      TLSonAdapter.png

      • Click Choose file next to Client Private Key File to upload a client private key file in PEM format
      • Click Choose file next to Client Certificate File to upload a public key file in PEM format

    11. To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

    Tenable_sc_3-3-22


    Advanced Settings

    Note:

    Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

    1. Do not fetch devices with no MAC address and no hostname - Select whether to exclude fetching devices without a MAC address or hostname.
      • If enabled, all connections for this adapter will only fetch devices having either a MAC address or hostname.
      • If disabled, all connections for this adapter will fetch devices even if they don't have either a MAC address or hostname.
    2. Do not fetch devices with no MAC address and no hostname and no os type - Select whether to exclude fetching devices without either a MAC address, hostname, or operating system (OS) types.
      • If enabled, all connections for this adapter will only fetch devices having either a MAC address, hostname, or OS type.
      • If disabled, all connections for this adapter will fetch devices even if they don't have either a MAC address, hostname, or OS type.
    3. Fetch Top N installed software (optional, default: 0) - Specify the number of the top most common installed software fetched from Tenable.sc.
      • If supplied, all connections for this adapter will fetch the top N most common installed software fetched from Tenable.sc.
      • If not supplied (or '0') - all connections for this adapter will not fetch any installed software from Tenable.sc.
    4. Fetch installed software per device - Choose whether to fetch all installed software from Tenable.sc.
      • If enabled, all connections for this adapter will fetch installed software fetched from Tenable.sc.
        • If you select this option, set Fetch top N installed software as 0.
      • If disabled, all connections for this adapter will not fetch any installed software from Tenable.sc.
    5. Fetch vulnerabilities - Select to fetch devices' unmitigated vulnerabilities data from Tenable.sc.
      Note: If you want to also fetch mitigated vulnerabilities appearing in the Mitigated table of Tenable.sc, select Fetch vulnerabilities and Fetch mitigated vulnerabilities.
      When a vulnerability is fetched from the Mitigated table it is marked 'Mitigated - Not Vulnerable'. When a vulnerability is fetched from the cumulative table and was vulnerable before, it is marked 'Previously Mitigated (Currently Vulnerable)'
    6. Fetch SCAP scans - Select whether to fetch data from SCAP scans.
      • If enabled, all connections for this adapter will fetch data from SCAP scans.
      • If disabled, all connections for this adapter will not fetch data from SCAP scans.
    7. Do not fetch devices with unauthenticated scans only - Choose whether to fetch devices with unauthenticated scans only Tenable.sc.
      • If enabled, all connections for this adapter will fetch devices with authenticated scans only from Tenable.sc.
      • If disabled, all connections for this adapter will fetch devices with authenticated and unauthenticated scans from Tenable.sc.
    8. Fetch info level vulnerabilities only for listed plugin IDs (optional) - Specify a comma-separated list of Tenable.sc plugin IDs.
      • If supplied, all connections for this adapter will only collect info level vulnerabilities from Tenable.sc for the plugin IDs provided in this list.
      • If not supplied, all connections for this adapter will not collect any info level vulnerabilities from Tenable.sc.
    9. Repository name exclude list (optional) - specify a comma-separated list of Tenable.sc repositories. Repositories are databases within Tenable.sc that contain vulnerability data. For more details, see Tenable.sc - Repositories.
      • If supplied, all connections for this adapter will not fetch vulnerabilities from repositories which are any of the comma-separated list of Tenable.sc repositories that have been defined in this field.
      • If not supplied, all connections for this adapter will fetch any vulnerability regardless of their Tenable.sc repository.
    10. Repository name include list (optional) - Enter names of one or more comma separated repositories from which to fetch data. If you use this field, data will only be fetched from these repositories.
    11. Repository name exclude list - use 'contains' logic instead of exact match - Select whether to consider the values supplied in Repository name exclude list field as the exact repository names.
      • If enabled, all connections for this adapter will not fetch vulnerabilities from repositories their name contains any of the supplied values in the Repository name exclude list field.
      • If disabled, all connections for this adapter will not fetch vulnerabilities from the repositories their name exactly matches one of the supplied values in the Repository name exclude list field.
    12. Enable fetching of asset groups - toggle on this option to fetch Tenable asset groups.
      1. Fetch from devices without UUID - Select this option to fetch asset groups from devices without UUID. This setting is only relevant when Enable fetching of asset groups is enabled. When this selection is cleared, then all tenable asset group information is fetched.
    13. Fetch scan results - Select whether to fetch scan results for each repository.
      • If enabled, all connections for this adapter will fetch scan results for each repository.
      • If disabled, all connections for this adapter will not fetch any scan results.
    14. Fetch scan details - Select whether to fetch a new request (scan details) for each repository.
    15. Don’t populate OS from a not reliable source - Select whether to populate the OS fields only if the data from Tenable is considered reliable, that is from a Tenable agent or an authenticated scan.
      • If enabled, all connections for this adapter will only populate OS fields if the data is from a Tenable agent or an authenticated scan.
      • If disabled, all connections for this adapter will populate OS fields.
    16. Async chunks in parallel (required, default: 50) - Specify the number of parallel requests all connections for this adapter will send to the Tenable.sc server in parallel at any given point.
    17. Fetch additional device data in the background - Select to fetch some device data in the background, such as fetching installed software per device and asset groups.
    18. Run background fetch every X hours (optional, default: 24) - Enter the number of hours to wait before running a fetch in the background. If left empty, a background fetch will start after every regular fetch.
    19. Parse interface name from vulnerability text - Select whether to parse device interface name from the vulnerability text.
      • If enabled, all connections for this adapter will parse the device interface name from the vulnerability text.
      • If disabled, all connections for this adapter will not parse the device interface name.
    20. Fetch installed software from Tenable plugins - Select installed software plugins from the drop-down list about which to fetch information.
    21. Fetch installed software from Plugin ID 20811 - Select whether all connections for this adapter will parse the installed software from the Plugin data (text) of the Plugin ID 20811.
      When the plugin text does not have information about the installed software then the regular installed software is used. If this field is cleared, then the regular installed software is used.
    22. Fetch hostname from Plugin ID 55472 - Select whether all connections for this adapter will parse the device hostname from the Plugin data (text) of the Plugin ID 55472.
      When the plugin text does not have information about the hostname then the regular host name is used. If this field is cleared, then the regular hostname is used.
    23. Fetch Windows services from Plugin ID 44401 - Select whether all connections for this adapter will fetch data from the Windows services plugin 44401 for each device.
    24. Fetch all plugin IDs over 1M (optional) - Select whether to fetch all plugin IDs equal or greater than 1,000,000 (no matter their severity or info level).
    25. Parse certificate from Plugin ID 10863 (optional) - Select to parse certificate information from plugin ID number 10863.
    26. Fetch tags from assets - Select whether to fetch asset tags for devices.
    27. Parse Windows Store Application from Plugin ID 85736 - Select this option to fetch the Plugin ID 85736 and parse the results as a list of strings containing the Windows Store Applications installed on the device
    28. Fetch First Discovery Date and Last Observed Date from Plugin-19506 - Select this option to use Plugin-19506 to fetch the first discovery date and the last observed data for devices.
    29. Exclude devices with hostname starting with - Use this option to exclude devices whose hostnames start with a defined string. Enter the string, or a comma separated list of strings which the hostnames to exclude will start with.
    30. Fetch alerts - Select this option to fetch Tenable.sc alerts as a new asset in the Alerts/Incidents category.
    31. Fetch and parse OS Identification from Plugin-11936 output only - Select this option to only parse the OS Identification field from the output of the Plugin-11936.
      26.Fetch OS serial information - Select this option to fetch OS Serial information from plugins 131568, 35351, 24270.


    Note:

    For details about general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

    Required Permissions

    The value supplied in User Name and Password / API Key and API Secret / Session Token and Session Key must be for an account in Tenable.sc that has the “Security Manager” role, with access to all the required repositories.
    For details about Tenable SC user roles, see User Roles.
    For details about generating an API key and secret pair, see Tenable.sc - Generate API Keys.


    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout