Tenable.sc Open Vulnerabilities Integration

Chris_Gitonga
Tera Contributor

Has anyone had the issue of the Tenable.sc Open Vulnerabilities Integration not loading open vulnerabilities? I've integrated to our Tenable dev instance and all the other jobs have loaded. For testing purposes, I enabled the fixed vulnerability job and that loaded without any issues.

1 ACCEPTED SOLUTION

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there - That is interesting...

A few things to review:

1) Ensure that your version of Tenable.SC is running v5.13 or higher

2) What version of the NOW SecOps (Store App) for Tenable are you using?

3) Are you having issues with the Tenable Asset job as well - or is this running smooth and creating Discovered items as expected, w/ no errors on the Integration Runs?

4) What particular 'Start time' value are you using for the Open Vulnerability job?
   - Are you going back a few hours in time, a few days, a few weeks?

5) On the integration runs, what do the jobs show?
    - Are they finishing successfully?
    - Do the jobs show any errors?
    
6) What 'severity 'filters do we have set for the Tenable.SC jobs?   
     - E.g. Critical, High, Med
     - E.g. Critical, High, Med, Low?

7) The big nugget here for Tenable.SC - is going to be the Query Filter in Tenable.SC that you are using 
   - a) Can you spot check that Query Filter in Tenable.SC and confirm that the "Tool" is set to "Vulnerability Detail"
      --> If it is not this value - that may probably the stubborn culprit 
   - b) Could you try using a different Filter Query (maybe spin up a new one in Tenable.SC, and set that one in ServiceNow as the filter to use), with the Tool set to Vulnerability Detail to rule that out 

View solution in original post

2 REPLIES 2

andy_ojha
ServiceNow Employee
ServiceNow Employee

Hey there - That is interesting...

A few things to review:

1) Ensure that your version of Tenable.SC is running v5.13 or higher

2) What version of the NOW SecOps (Store App) for Tenable are you using?

3) Are you having issues with the Tenable Asset job as well - or is this running smooth and creating Discovered items as expected, w/ no errors on the Integration Runs?

4) What particular 'Start time' value are you using for the Open Vulnerability job?
   - Are you going back a few hours in time, a few days, a few weeks?

5) On the integration runs, what do the jobs show?
    - Are they finishing successfully?
    - Do the jobs show any errors?
    
6) What 'severity 'filters do we have set for the Tenable.SC jobs?   
     - E.g. Critical, High, Med
     - E.g. Critical, High, Med, Low?

7) The big nugget here for Tenable.SC - is going to be the Query Filter in Tenable.SC that you are using 
   - a) Can you spot check that Query Filter in Tenable.SC and confirm that the "Tool" is set to "Vulnerability Detail"
      --> If it is not this value - that may probably the stubborn culprit 
   - b) Could you try using a different Filter Query (maybe spin up a new one in Tenable.SC, and set that one in ServiceNow as the filter to use), with the Tool set to Vulnerability Detail to rule that out 

Chris_Gitonga
Tera Contributor

1)  Ensure that your version of Tenable.SC is running v5.13 or higher

Running Version: 6.1.0

2) What version of the NOW SecOps (Store App) for Tenable are you using?


Vulnerability Response 20.0.2

Vulnerability Response Integration with Tenable 3.8.1


3) Are you having issues with the Tenable Asset job as well - or is this running smooth and creating Discovered items as expected, w/ no errors on the Integration Runs?

No

4) What particular 'Start time' value are you using for the Open Vulnerability job?
   - Are you going back a few hours in time, a few days, a few weeks?

6 Months

5) On the integration runs, what do the jobs show?
    - Are they finishing successfully? yes
    - Do the jobs show any errors? No
    
6) What 'severity 'filters do we have set for the Tenable.SC jobs?   
     - E.g. Critical, High, Med
     - E.g. Critical, High, Med, Low?

There is no Dropdown for tenable.sc:

Reference https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0870926

The drop-down selections are set on the Tenable side with the Query filter.

7) The big nugget here for Tenable.SC - is going to be the Query Filter in Tenable.SC that you are using 
   - a) Can you spot check that Query Filter in Tenable.SC and confirm that the "Tool" is set to "Vulnerability Detail"
      --> If it is not this value - that may probably the stubborn culprit 
   - b) Could you try using a different Filter Query (maybe spin up a new one in Tenable.SC, and set that one in ServiceNow as the filter to use), with the Tool set to Vulnerability Detail to rule that out 

 

As you stated, this was the issue. We created a new query filter in tenable and used that in the plugin. We did a manual import and they loaded. Thanks for the help.