Tenable.io
  • 24 Jan 2024
  • 9 Minutes to read
  • Dark
    Light
  • PDF

Tenable.io

  • Dark
    Light
  • PDF

Article Summary

Tenable.io automatically discovers and assesses a customer's environment for vulnerabilities, misconfigurations, and other cybersecurity issues.

Related Enforcement Actions

Types of Assets Fetched

This adapter fetches the following types of assets:

  • Devices
  • Users

About Tenable.io

Tenable provides tooling for Vulnerability Assessment, Management, and ultimately Risk-based Vulnerability management. Tenable.io is the cloud platform that provides a rich capability for discovery, assessment, reporting, and prioritization of vulnerabilities across systems and services.

Nessus is a stand-alone scanner used as a Vulnerability Assessment scanner Tenable.sc is the on-premise manager of Nessus scanners for Vulnerability Management across large businesses. ​

Use cases the adapter solves
Discovery and asset enrichment are secondary to the collection of vulnerability (missing patch and configuration) elements The case of unmanaged devices can partially be solved using Tenable.io for automation of enforcing scanning regimes. ​

Data retrieved by Tenable.io
Data collected by each adapter varies slightly between each adapter, and the collective set includes ID (agent-based), OS Type & Distribution, Interfaces / MAC / IP info, CPU, Patches, Software installations, Services & Open Ports, Vulnerabilities, and configuration validation.

Related Enforcement Actions

The Tenable.io adapter can add tags and assets, and similarly, Tenable.sc can add IPs to 'Assets'; these capabilities improve scan coverage, in a single action.

Parameters

  1. Tenable.io Domain (required) - The hostname of the Tenable.io server. When fetching assets and vulnerabilites a different hard-coded domain is used (currently https://cloud.tenable.com).
  2. Access API Key and Secret API Key (required) - An API Key associated with a user account that has the Required Permissions to fetch assets.
Note:

Username/Password Authentication must be toggled off in the Tenable.io console, before you generate your API key/secret, in order to connect connect this adapter.

  1. Tenable.io Tags Include list (optional, case sensitive) - Specify a comma-separated list of tag keys in Tenable.io.
    • If supplied, this adapter will only fetch devices from Tenable.io with any of the tag keys provided in this list.
    • If not supplied, this adapter will fetch all devices from Tenable.io.
  2. Verify SSL - Select to verify the SSL certificate offered by the value supplied in Tenable.io Domain. For more details, see SSL Trust & CA Settings.
  3. HTTPS Proxy (optional) - A proxy to use when connecting to the value supplied in Tenable.io Domain.

For details on the common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Tenableio.png

Advanced Settings

Note:

Advanced settings can either apply for all connections for this adapter, or you can set different advanced settings and/or different scheduling for a specific connection, refer to ​Advanced Configuration for Adapters.

  1. Email domain include list (optional) - Enter a comma separated list of email domains from which only users with email addresses that are connected to this domain are fetched. When the field is empty, users with email addresses from any domain are fetched.

  2. Do not fetch devices with no last scan - Select whether to fetch devices without a Last Seen date.

    • If enabled, all connections for this adapter will not fetch devices if they do not have a Last Seen indication.
    • If disabled, all connections for this adapter will fetch devices even if they do not have a Last Seen indication.
  3. Do not ingest OS for devices with unauthenticated fetches - Set this option ignore devices from unauthenticated fetches, that is, devices without agents.

  4. Scan IDs include list (optional) - Specify a comma-separated list of scan IDs in Tenable.io.

    • If supplied, all connections for this adapter will only fetch devices from Tenable.io scans with the scan IDs provided in this list.
    • If not supplied, all connections for this adapter will fetch all devices from Tenable.io scans.
  5. Tags key-value pair allow list (colon separated) (optional) - Enter a list of key-value tags (separated by a colon) to filter assets to fetch. The adapter will only fetch assets having all the key-value pairs of tags listed.

  6. Fetch agent data (required, default: true) - Select whether to fetch Tenable.io agent data on each device.

    • If enabled, all connections for this adapter will fetch Tenable.io agent data on each device.
    • If disabled, all connections for this adapter will not fetch Tenable.io agent data on each device.
  7. Fetch only agent data - Select whether to only fetch Tenable.io agent data on each device. If this is not selected, everything is fetched.

  8. Cancel old export jobs - Set this option so that the adapter will try to cancel old exports jobs before starting a new one (export is the operation the adapter does to fetch assets and vulnerabilities).

  9. Fetch scan exclusions - Select to fetch scan exclusion status for Tenable.io devices.

  10. Do not fetch devices with no MAC addresses and no hostname - Select to exclude fetching devices without a MAC address and without a hostname.

  11. Fetch fixed vulnerabilities - Select this option to also fetch vulnerabilities with the state ‘fixed’.

  12. Fetch vulnerabilities with severity equal or above this level (required, default: Info) - Select the minimum level of severity to fetch vulnerabilities.

  13. Do not fetch installed software - Select whether to not fetch installed software.

  14. Fetch only active vulnerabilities (required, default: true) - Select whether to fetch only vulnerabilities in Active or in New state. For details, see Tenable.io - Vulnerability States.

    • If enabled, all connections for this adapter will only fetch vulnerabilities in Active or in New state.
    • If disabled, all connections for this adapter will fetch vulnerabilities with any state: New, Active, Fixed or Resurfaced.
  15. Fetch vulnerabilities in the background - Select this option to fetch vulnerabilities for devices in the background, and not as part of a fetch. Note that vulnerabilities will be updated in the UI only after a regular fetch.

  16. Fetch compliance - will be fetched in background - Select this option so that the adapter will fetch compliance data in the background.

  17. Omit dashes from Agent UUID in agent data (optional) - When this option is selected and Fetch agent data is also selected, the dash character is removed from the value retrieved from the Agent UUID field of Tenable.io agent devices.
    Note: The Fetch agent data option must be selected for the Omit dashes... option to properly function.

  18. Do not populate fqdns as asset name - Select to not include fully qualified domain names (FQDNs) as asset names.

  19. Do not fetch vulnerabilities Select this option to not fetch any vulnerabilities option.

    Note:

    Once you select this option, any other Advanced vulnerabilities configuration options will be ignored.

  20. Use agent name as asset name - Select to use an agent name as an asset name.

  21. Fetch Windows services from Plugin ID 44401 - Select to fetch data from the Windows services plugin 44401 for each device.

  22. Fetch only assets updated at the last X days - Enter a value to fetch only assets updated in those number of days. The default value is empty in which case all assets are fetched (from the beginning of time) (entering 0 also fetches all assets).

  23. Compliance scans (optional) - Enter one or more comma-separated scan audit files to parse compliance data.

  24. Fetch installed software from Tenable plugins - Select installed software plugins from the drop-down list about which to fetch information.

  25. Fetch listed info level plugins - Enter plugin IDs for the adapter to fetch at the info level. Press Enter after each plugin.

  26. Fetch network details - Select this option to fetch information about the network to which the device is connected.

  27. Do not insert devices with Scan Name in - Enter a comma separated list of Tenable “scan names”. If devices are in these scan names, they will not be fetched

  28. Fetch web applications - Select this option so that the adapter will fetch web applications as assets.

  29. Use V2 API for fetching web application vulnerabilities - Select this option to use the API v2 instead of API v3 to fetch web application vulnerabilities.

  30. Fetch cloud resources - Select this option so that the adapter will fetch cloud resources as assets.

  31. Parse SSL certificates from Plugin ID 10863 - Select this option to parse SSL certificate information from plugin ID number 10863.

  32. Merge agents and assets in the same tab - Select this option to correlate Tenable.io Assets and Agents and display all the data from them in one tab in the adapter (instead of displaying the default view of each in a separate tab).

  33. List of tags to parse as fields - Enter a comma separated list of tags. The adapter will parse any tags having the key in this list as a dynamic field. If there are multiple tags with the same key the field will be a list.

  34. Fetch deleted devices - Select this option so that the adapter will also fetch devices that were deleted.

  35. Fetch vulnerabilities last seen in the last X days - By default, Tenable Vulnerability Management (Formerly Tenable.io) only brings vulnerabilities last seen in the last 30 days. Enter a number here so that the the adapter will search for vulnerabilities with last seen between today and x days in the past.

  36. Combine tags key and value - Select this option to create the value of a tag in Axonius to be the result of the Tenable key and value concatenation.

  37. Ignore devices that only have this plugin - Enter one or more plugins, for the adapter to not fetch devices that only have plugins with these IDs.

  38. Prefetch assets to localdb - Select this option to first fetch all assets and store locally and then parse the data. This is useful in cases of fetches which take a long time.

  39. Fetch only licensed assets - Select this option to fetch only tenable.io licensed assets.

  40. Exclude disabled users (default: false) - Select this option to not fetch users that are disabled within Tenable.io. That is when this option is selected only users whose account_disabled is set to False or with no value will be fetched.

Note:

For details on general advanced settings under the Adapter Configuration tab, see Adapter Advanced Settings.

Required Permissions

The value supplied in Access API Key and Secret API Key must have read access to devices.

To generate an API key in the Tenable.io console, see Tenable.io - Generate an API Key.

The API Keys are created for a user account. This user account must have the Administrator user permissions because Axonius uses the Export Assets method, which requires Administrator user permissions as described in Tenable.io - Export Assets.

Note:

If you are creating multiple Tenable connections they cannot use the same user account. A separate user account must be created for each one. Refer to Retrieve Asset Data from Tenable.io Limitations.

Additionally, Administrator accounts may require provisioning of the 'Can View' & 'Can Scan' permissions.



Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.