Tenable Integration - scheduled job

kris29
Tera Contributor

Hi folks,

I have two questions about VR Tenable integration. The screenshot is from PDI.

1. Can someone explain to me the difference between Tenable.io and Tenable.sc?
2. Which scheduled job should I keep active to import daily data from Tenable to SN?


1 ACCEPTED SOLUTION

Chris McDevitt
ServiceNow Employee

Hi,

There is a "hierarchy" to vulnerabilities.

At the top of the hierarchy is the CWE. The authoritative source for CWE is mitre.org, so we grab it from the source.

Then comes the CVE (which points to a CWE) and the authoritative source again is mitre.org, so we grab it from the source.

Then come the Tenable Plugins (which point to the CVE): Tenable's custom vulnerability definitions. So we grab that next.

Tenable Asset is a way to pull what Tenable knows about your environment. More about this in a minute.

For whatever reason, this is the way the Tenable API works: pull the fixed vulnerabilities, then pull the open vulnerabilities. More about this in a minute.

The backfill job is complicated to explain, but the way Tenable works makes this necessary.

Tenable scan credentials are necessary if you wish to conduct rescans via ServiceNow.

A Vulnerable Item is made up of a Vulnerability + a Configuration Item (i.e. an Asset).

Pulling in the Assets matches or creates a Configuration Item.

The incoming vulnerabilities are combined with the CIs to create the VIT.

The Vulnerability part of the VIT points to one or more CVEs, which point to one or more CWEs.
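The hierarchy and import order described in the accepted answer, as an added Python illustration (not ServiceNow or Tenable code). All record names, identifiers, state values and the "unresolved" handling are constructed assumptions of this model.

```python
from dataclasses import dataclass

# Constructed reference data, imported top-down: CWE, then CVE (points to CWE), then plugin (points to CVE).
CWES = {"CWE-EXAMPLE-1": "constructed weakness class"}
CVES = {"CVE-EXAMPLE-A": ["CWE-EXAMPLE-1"], "CVE-EXAMPLE-B": ["CWE-EXAMPLE-1"]}
PLUGINS = {"plugin-1001": ["CVE-EXAMPLE-A", "CVE-EXAMPLE-B"]}

@dataclass
class VIT:
    ci: str
    plugin: str
    state: str

def match_or_create_ci(cmdb, asset):
    """Asset import: match an existing CI by hostname, or create one."""
    key = asset["hostname"].lower()
    if key not in cmdb:
        cmdb[key] = {"name": key, "created_by_import": True}
    return key

def import_findings(vits, cmdb, findings, state):
    """Combine each finding (vulnerability) with its CI to create or update a VIT."""
    unresolved = []
    for f in findings:
        key = f["hostname"].lower()
        if key not in cmdb or f["plugin"] not in PLUGINS:
            unresolved.append(f)  # in this model: CI or plugin definition not imported yet
            continue
        vits.setdefault((key, f["plugin"]), VIT(key, f["plugin"], state)).state = state
    return unresolved

def cves_and_cwes(vit):
    """Walk VIT -> plugin -> CVE(s) -> CWE(s)."""
    cves = PLUGINS[vit.plugin]
    cwes = sorted({w for c in cves for w in CVES[c] if w in CWES})
    return cves, cwes

def run_daily(cmdb, assets, fixed, open_):
    """Order from the answer: assets first, then fixed findings, then open findings."""
    vits = {}
    for a in assets:
        match_or_create_ci(cmdb, a)
    unresolved = import_findings(vits, cmdb, fixed, "Closed")
    unresolved += import_findings(vits, cmdb, open_, "Open")
    return vits, unresolved
```
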

18 REPLIES

Correct, I have 963 CWE knowledge articles. Can you please provide me the link to the article that you have here in the screenshot?

I mean the article which shows that this is ootb functionality.

Hello @Chris McDevitt 

Could you please provide more clarity on the Tenable.sc Backfill integration?

We're noticing that a significant number of VITs and assets are missing during our daily delta import, and it seems that the Backfill integration is the only way to retrieve them.

We’d like to better understand why this is happening — specifically, why the VITs are not being imported through the daily delta integration and are only available via the backfill a few days later.

Thank you!

Randy Ritzer
Tera Expert

Tenable.SC and Tenable.IO are different Tenable products. Tenable.IO is a SaaS platform and Tenable.SC is on premise, self hosted. You will need to work with your vulnerability management team to determine which product(s) they are using. The jobs that are active correspond. Since Tenable.SC is on premise, you'll need to connect through a Mid-Server.