Tenable Integration - scheduled job

kris29
Tera Contributor

Hi folks,

I have two questions about VR Tenable integration. The screenshot is from PDI.

1. Can someone explain to me the difference between Tenable.io and Tenable.sc?
2. Which scheduled job should I keep active to import daily data from Tenable to SN?


1 ACCEPTED SOLUTION

Chris McDevitt
ServiceNow Employee

Hi,

There is a "hierarchy" to vulnerabilities.

At the top of the hierarchy is the CWE. The authoritative source for CWE is mitre.org, so we grab it from the source.

Then comes the CVE (which points to a CWE) and the authoritative source again is mitre.org, so we grab it from the source.

Then come the Tenable Plugins (which point to the CVE): Tenable's custom vulnerability definitions. So we grab those next.

Tenable Asset is a way to pull what Tenable knows about your environment. More about this in a minute.

For whatever reason, this is the way the Tenable API works: pull the fixed vulnerabilities, then pull the open vulnerabilities. More about this in a minute.

The backfill job is complicated to explain, but the way Tenable works makes this necessary.

Tenable scan credentials are necessary if you wish to conduct rescans via ServiceNow.

A Vulnerable Item is made up of a Vulnerability + a Configuration Item (i.e. an Asset).

Pulling in the Assets matches or creates a Configuration Item.

The incoming vulnerabilities are combined with the CIs to create the VIT.

The Vulnerability part of the VIT points to one or more CVEs, which point to one or more CWEs.
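The hierarchy described in the accepted answer, as an added example that is not part of the original post and is not ServiceNow or Tenable code: a plain JavaScript model in which assets match or create CIs, findings are combined with CIs into vulnerable items, and each plugin is resolved to its CVEs and CWEs. All table names, fields and ids are hypothetical, constructed sample data; the `missing` list shows what a vulnerable item cannot link to when an upstream import (CWE, CVE or plugin) has not run.

```javascript
// Added illustration: every table, field and id here is hypothetical and
// constructed. The CVE ids are placeholders, not real CVE numbers.
const cweTable = new Set(["CWE-79", "CWE-89"]);
const cveTable = new Map([           // CVE -> CWEs it points to
  ["CVE-EXAMPLE-1", ["CWE-79"]],
  ["CVE-EXAMPLE-2", ["CWE-89"]],
]);
const pluginTable = new Map([        // Tenable plugin -> CVEs it points to
  ["plugin-A", ["CVE-EXAMPLE-1", "CVE-EXAMPLE-2"]],
  ["plugin-B", ["CVE-EXAMPLE-3"]],   // CVE-EXAMPLE-3 was never imported
]);
const cmdb = new Map([["web01", { id: "CI-1", created: false }]]);

// An incoming asset either matches an existing Configuration Item or creates one.
function matchOrCreateCI(hostname) {
  if (!cmdb.has(hostname)) {
    cmdb.set(hostname, { id: `CI-${cmdb.size + 1}`, created: true });
  }
  return cmdb.get(hostname);
}

// Walk plugin -> CVE -> CWE, collecting references that have no imported record.
function resolvePlugin(pluginId) {
  const out = { cves: [], cwes: [], missing: [] };
  if (!pluginTable.has(pluginId)) { out.missing.push(pluginId); return out; }
  for (const cve of pluginTable.get(pluginId)) {
    if (!cveTable.has(cve)) { out.missing.push(cve); continue; }
    out.cves.push(cve);
    for (const cwe of cveTable.get(cve)) {
      (cweTable.has(cwe) ? out.cwes : out.missing).push(cwe);
    }
  }
  return out;
}

// Fixed findings are processed first, then open ones, in the order the answer gives.
function buildVITs(assets, fixedFindings, openFindings) {
  assets.forEach(a => matchOrCreateCI(a.hostname));
  const feed = [
    ...fixedFindings.map(f => ({ ...f, state: "fixed" })),
    ...openFindings.map(f => ({ ...f, state: "open" })),
  ];
  return feed.map(f => ({
    ci: matchOrCreateCI(f.hostname).id, plugin: f.plugin, state: f.state,
    ...resolvePlugin(f.plugin),
  }));
}

const vits = buildVITs([{ hostname: "web01" }, { hostname: "db02" }],
  [{ hostname: "web01", plugin: "plugin-A" }], [{ hostname: "db02", plugin: "plugin-B" }]);
console.log(JSON.stringify(vits, null, 2));
```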

18 REPLIES

Thanks for replying, @Chris McDevitt. I just checked the status of the "NIST National Vulnerability Database Integration - API (CVE only)" integration. They are all failing since the recent upgrade that we did from the Tenable plugin to the "Vulnerability Response Integration with Tenable" plugin, which is configured by SNOW.

I am receiving the token error, but I am not able to find where we are storing the API key info in SNOW. Please check the snip below.


Sounds similar to this issue where you might be using the deprecated v1 API: https://www.servicenow.com/community/secops-forum/nist-national-vulnerability-database-integration-a... 

Hi, as @Martin Dewit pointed out, you will need to ensure that you are using the latest version of the NVD integration from the store.
Now here is the crazy part: for whatever reason, sometimes the API key created by NVD does not work! IDK... you just need to create a new API key.

Hi Chris,

When I followed your steps, it created so many knowledge articles and emails for CWE data.

Do you know if this is a default behavior?

Hi,

Yes. The integration will populate the Vulnerabilities Knowledge Base.