Tenable.sc with Configuration Compliance

Jason Gervais
Tera Contributor

Is there a plan or roadmap to integrate Tenable.sc with Configuration Compliance or has anybody done this integration?

We currently have Tenable.sc integrated with Vulnerability Response and now would like to start pulling in the compliance data from our scans, but there is only an out of the box integration with Tenable.io and Configuration Compliance which is not possible for us.  

4 REPLIES 4

Jason Stevenson
Tera Contributor

Jason G, My understanding is Vulnerabilty Response and Configuration Compliance are two different use cases. We integrated VR with Tenable. We integrated CC with Tanium and Prisma. We are working on integrating other systems in both products as well. VR ingests vulnerabilities (CVEs) on CIs based on SIEM scans; while CC ingests non-compliances (failed tests against policies) from SIEM scans. I'm not aware that Tenable scans for non-compliance in addition to CVEs. Is that the case? Thanks, Jason S

Correct Vulnerability Response and Configuration Compliance are 2 different use cases.

We use Tenable.sc to scan for server hardening compliance against CIS benchmarks and things like ISO27001 and NIST.

I have explored the Tenable.io integration with Configuration Compliance which works nicely, however I need to use Tenable.SC. Tenable.SC captures the same information via the API in JSON format as Tenable.io, but does have slightly different mapping of key/values in JSON. 

adit
Tera Expert

Currently the CCM integration is only supported for Tenable.io not Tenable.sc

josdsi
Tera Contributor

Are there any news on this?