Tenable.io - rescan VIs

Patrik Z · ‎03-21-2022

I'm trying to set up and test the manual rescan for a single VI using the Tenable.io integration with SNow. I have updated the SN w/ Tenable plugin to version 3.0.5 and activated the scheduled integration.

When I open the setup assistant for VR I see that there are 6 active jobs and 'Scan Credentials' is one of them:

However when I open the Tenable.io setup I can see only the original 4 jobs that I can actually configure using the setup assistant:

So I tried to manually initiate the scan using the UI button on the VI form I can see multiple CIs in the list:

But when I search for the particular CI, I don't get any results:

I've read the product documentation for the rescan but I guess I am missing something. Can anybody help me understand this functionality at least a little so that I can properly test it, please?

Thanks for your help.

john_gibbons · ‎03-28-2022

What happens when you go to Discovered Items. Select a Discovered Item that you know is active in your network. and Select the "Rescan" UI action on the top right. The select a Credential to use for the Scan(these are not CIs - they are credentials to use for the scan) - Then your "Rescan UI action will be selectable).

View solution in original post

john_gibbons · ‎03-23-2022

https://docs.servicenow.com/bundle/sandiego-security-management/page/product/secops-integration-vr/tenable/task/vr-tenable-rescan-tenable-io_1.html

Start from the "Procedure" section in the docs.

According to the documentation, you only need to select the credential to be used with the rescan.

Patrik Z · ‎03-24-2022

Yeah, I've read the docs twice already but haven't found anything helpful there 😄 Then I turned to Community.

As I mentioned in my previous response, I have triggered the template int. and then scan cred. int. just as it's described in the docs with no success whatsoever.

john_gibbons · ‎03-25-2022

Please verify you have tried this and the integrations completed successfully?

Go to Tenable Vulnerability Integration>Integrations> Select one of the following:

Tenable.io Template Integration
Tenable.io Scan Credential Integration

Make sure the integration is active and then select Execute.

Does the associated integration run complete?

If yes, then go to the following Tenable tables for templates and scan credentials, and validate there is data.

sn_vul_tenable_scan_credential
sn_vul_tenable_io_template

If you tried all of these steps and you still do not have any data, make sure the user associated the the API credentials have access to the templates and credentials you expect to see. You can also check the logs for any errors with the integration to see if there is an issue with the integration itself.

From your previous screenshots it looks like at one point you had credentials. The error you referenced mentions you do not have the template UUID available - that usually means it is not shared with the user.

Patrik Z · ‎03-28-2022

Hey John,

Yeah, both integrations are Active and have been executed. I hadn't known about the two tables (thanks for that one by the way) so I've checked and there is some data. Precisely, there is:

sn_vul_tenable_scan_credential

54 record - I can see the names of the CIs there

sn_vul_tenable_io_template

1 record (screenshot)

Is there anything else I can do and/or check to get the rescan to work? Or could it be the issue lies on Tenable side and the client need to set up their Tenable account?

john_gibbons · ‎03-28-2022

What happens when you go to Discovered Items. Select a Discovered Item that you know is active in your network. and Select the "Rescan" UI action on the top right. The select a Credential to use for the Scan(these are not CIs - they are credentials to use for the scan) - Then your "Rescan UI action will be selectable).