Tenable.sc with Configuration Compliance

Jason Gervais · ‎05-06-2024

Is there a plan or roadmap to integrate Tenable.sc with Configuration Compliance or has anybody done this integration?

We currently have Tenable.sc integrated with Vulnerability Response and now would like to start pulling in the compliance data from our scans, but there is only an out of the box integration with Tenable.io and Configuration Compliance which is not possible for us.

Jason Stevenson · ‎05-07-2024

Jason G, My understanding is Vulnerabilty Response and Configuration Compliance are two different use cases. We integrated VR with Tenable. We integrated CC with Tanium and Prisma. We are working on integrating other systems in both products as well. VR ingests vulnerabilities (CVEs) on CIs based on SIEM scans; while CC ingests non-compliances (failed tests against policies) from SIEM scans. I'm not aware that Tenable scans for non-compliance in addition to CVEs. Is that the case? Thanks, Jason S

Jason Gervais · ‎05-07-2024

Correct Vulnerability Response and Configuration Compliance are 2 different use cases.

We use Tenable.sc to scan for server hardening compliance against CIS benchmarks and things like ISO27001 and NIST.

I have explored the Tenable.io integration with Configuration Compliance which works nicely, however I need to use Tenable.SC. Tenable.SC captures the same information via the API in JSON format as Tenable.io, but does have slightly different mapping of key/values in JSON.

adit · ‎07-11-2024

Currently the CCM integration is only supported for Tenable.io not Tenable.sc

josdsi · ‎06-05-2025

Are there any news on this?