Vulnerability Response Tenable Integration: Issue with rescanning

Arunkumar Jayar
Tera Contributor

‎03-31-2026 03:43 AM

Hello Everyone,
 
We have enabled the Rescan functionality in the Vulnerability Response Tenable integration.
 
When we trigger a rescan for Active Scans, the request is submitted successfully, and ServiceNow receives a valid response from Tenable. However, when initiating a rescan for the Agent repository, we encounter the following error:
 
“Error: Invalid response code received from TenableSCScanner status 403 – Please specify a valid Repository.
Access denied. You do not have permission to access this resource. Verify your credentials or contact Tenable.sc support for assistance.”
 
As suggested, we contacted the Tenable support team regarding the access issue and validated the permissions; everything appears to be correctly configured. We also verified the repository IDs and observed that this error occurs only for IDs related to the Agent repository.
 
Looking for your support to understand if anyone has experienced a similar issue or has a solution.
0 Helpfuls
  • 552 Views
1 REPLY 1

william_tran
ServiceNow Employee

2 weeks ago

Hi Arunkumar,

 

This is a documented out-of-box (OOB) limitation, not a permissions issue. From the Tenable.sc rescan docs:

▎ "Tenable.sc does not support launching rescan on agent based machines."

The integration's rescan builds an active-scan launch request, which Tenable.sc rejects when the target is an agent repository. 

Why it isn't supported: Tenable.sc agent scans launch at the agent group level on the agent's own check-in cadence, not per-host with per-plugin scoping. Vulnerability Response's rescan is built around one Configuration Item (CI), one plugin, immediate launch, which doesn't map onto the agent operating model. Agents self-report on a schedule by design, so verification is usually addressed by tightening the agent scan cadence rather than by on-demand rescan.

 

Path forward: launch agent scans natively in Tenable.sc and let the OOB integration ingest results on the next import.


Reference: https://www.servicenow.com/docs/r/security-management/configuration-compliance/vr-tenable-rescan-d39...

 

If this helped, mark it as helpful or accept as solution so others can find it.


0 Helpfuls