Tenable integration and configuration: how to get them right first time.

The remediation of vulnerabilities in your organization's systems starts with the configuration of your scanner in your ServiceNow environment.

In under 25 minutes, Luke Kasper Principal Security Consultant and Nick Keuning, Director of Solutions Architecture at Tenable, the true experts of ServiceNow usage and Tenable, take us through the essential steps to get it this right, on the first try.

It is easy when you see it being done, but there are some key principles to abide by and a sequence of actions that needs to be followed to get the best out of your setup without wasting any time.

This is an absolute must watch whether you are about to start implementing Vulnerability Response or you have already made progress.

This episode of the 2020 series of Vulnerability Response tutorials is best watched after these prequels:

• Vulnerability Response overview.
• The importance of your CMDB for VR.
• CI Matching: what is it, how to get it right.

 ---------------------------

 Video contents:

00:01 Introductions.

01:00 Refreshers:

- The maturity framework,

- The 2020 Vulnerability Response tutorials series,

- The dedicated Vulnerability Response forum,

- Scanner - ServiceNow VR - CMDB

02:00 Understand your Tenable integration:

- Tenable specific concepts,

- Tenable applications: Connector, for Assets, for VR,

- Queries.

03:20 How it all fits together (always install Connector first).

04:14 "Tenable Assets Attribution Field".

04:44 "Assets Pending Approval".

05:26 Configure Tenable: start with the Connector, Scheduled Jobs, always start with Assets, Lookup Rules, Queries, small data sets to start, Assets Pending Approval, Custom CI Lookup Rules, Rule builder, scripts, Out of the Box Rules are a good starting point, TenableSC Uniqueness Match: do not disable this rule!, cleanup of Assets Pending Approval.

15:50 "CI Creating Rules". to create CIs on the basis of assets found by Tenable.

17:42 Expand to larger data sets. "Crawl - walk - run". Just change the query. Delete the time stamp to collect all the data for that query instead of simply the delta.

19:35 For large data sets: from single-thread (50k assets per hour). Multi-threading features can be enable for multi data sources / threads. Up to 200 assets per hour.

20:59 What is specific to Tenable.io. Some differences in the set-up: Field naming. 21: 56 What you should do right now: start small, tune correctly, medium data set, tune again, only then move to the VR section. Ensure that assets and CIs are matching properly. Watch the CI Matching video tutorial.

23:21 Conclusion and reminders

Download the slides in PDF format below.