- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-21-2022 08:13 AM
I'm trying to set up and test the manual rescan for a single VI using the Tenable.io integration with SNow. I have updated the SN w/ Tenable plugin to version 3.0.5 and activated the scheduled integration.
When I open the setup assistant for VR I see that there are 6 active jobs and 'Scan Credentials' is one of them:
However when I open the Tenable.io setup I can see only the original 4 jobs that I can actually configure using the setup assistant:
So I tried to manually initiate the scan using the UI button on the VI form I can see multiple CIs in the list:
But when I search for the particular CI, I don't get any results:
I've read the product documentation for the rescan but I guess I am missing something. Can anybody help me understand this functionality at least a little so that I can properly test it, please?
Thanks for your help.
Solved! Go to Solution.
- Labels:
-
Vulnerability Response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-28-2022 08:29 AM
What happens when you go to Discovered Items. Select a Discovered Item that you know is active in your network. and Select the "Rescan" UI action on the top right. The select a Credential to use for the Scan(these are not CIs - they are credentials to use for the scan) - Then your "Rescan UI action will be selectable).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-23-2022 09:03 AM
https://docs.servicenow.com/bundle/sandiego-security-management/page/product/secops-integration-vr/tenable/task/vr-tenable-rescan-tenable-io_1.html
Start from the "Procedure" section in the docs.
According to the documentation, you only need to select the credential to be used with the rescan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-24-2022 05:59 AM
Yeah, I've read the docs twice already but haven't found anything helpful there 😄 Then I turned to Community.
As I mentioned in my previous response, I have triggered the template int. and then scan cred. int. just as it's described in the docs with no success whatsoever.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-25-2022 01:34 PM
Please verify you have tried this and the integrations completed successfully?
Go to Tenable Vulnerability Integration>Integrations> Select one of the following:
- Tenable.io Template Integration
- Tenable.io Scan Credential Integration
Make sure the integration is active and then select Execute.
Does the associated integration run complete?
If yes, then go to the following Tenable tables for templates and scan credentials, and validate there is data.
- sn_vul_tenable_scan_credential
- sn_vul_tenable_io_template
If you tried all of these steps and you still do not have any data, make sure the user associated the the API credentials have access to the templates and credentials you expect to see. You can also check the logs for any errors with the integration to see if there is an issue with the integration itself.
From your previous screenshots it looks like at one point you had credentials. The error you referenced mentions you do not have the template UUID available - that usually means it is not shared with the user.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-28-2022 12:45 AM
Hey John,
Yeah, both integrations are Active and have been executed. I hadn't known about the two tables (thanks for that one by the way) so I've checked and there is some data. Precisely, there is:
- sn_vul_tenable_scan_credential
- 54 record - I can see the names of the CIs there
- sn_vul_tenable_io_template
- 1 record (screenshot)
Is there anything else I can do and/or check to get the rescan to work? Or could it be the issue lies on Tenable side and the client need to set up their Tenable account?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-28-2022 08:29 AM
What happens when you go to Discovered Items. Select a Discovered Item that you know is active in your network. and Select the "Rescan" UI action on the top right. The select a Credential to use for the Scan(these are not CIs - they are credentials to use for the scan) - Then your "Rescan UI action will be selectable).