Tenable.io integrations with the Vulnerability Response and Configuration Compliance applications

  • Release version: Zurich
  • Updated July 31, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Tenable.io Integrations with Vulnerability Response and Configuration Compliance Applications

    The Tenable.io integrations enhance the Vulnerability Response and Configuration Compliance applications within ServiceNow. These integrations allow you to retrieve and manage asset data, vulnerability information, and compliance results, enabling effective identification and remediation of vulnerabilities across your environment.


    Key Features

    • Tenable.io Assets Integration: Imports asset data, including tags and secure configuration assessment data, to identify configuration-related vulnerabilities.
    • Tenable.io Compliance Results Integration: Retrieves secure configuration assessment data to enhance vulnerability management.
    • Tenable.io Compliance Results Backfill Integration: Matches configuration assessment data with missing assets after the assets integration completes.
    • Tenable.io Scan Credential Integration: Imports scan credentials for initiating scans from ServiceNow.
    • Tenable.io Plugin Integration: Retrieves updated plugin data to ensure vulnerability identification is current.
    • Tenable.io Fixed Vulnerabilities Integration: Processes vulnerability data allowing visibility into fixed vulnerabilities and their remediation.
    • Tenable.io Open Vulnerabilities Integration: Captures new and reopened vulnerabilities for ongoing risk management.
    • Tenable.io/scan Metadata Integration: Stores and links scan metadata to discovered items for improved vulnerability context and reporting.

    Key Outcomes

    By implementing these integrations, ServiceNow customers can expect:

    • Comprehensive visibility into asset vulnerabilities and compliance status.
    • Improved remediation processes through detailed configuration assessment data.
    • Enhanced reporting capabilities with linked metadata for auditability.
    • Automation of vulnerability and compliance management to streamline operations.

    The Tenable.io integrations in the Vulnerability Response Integration with Tenable application are available in the Vulnerability Response and Configuration Compliance applications.

    List of Tenable.io integrations

    Multi-source is supported for all of the Tenable.io and Tenable.sc integrations. You can add and deploy multiple instances of the following integrations across your environment from Setup Assistant in Vulnerability Response. You also install and configure the Vulnerability Response Integration with Tenable application from Setup Assistant.

    Tenable.io is a cloud-based enterprise integration. See the following table for the names and descriptions of the supported integrations for the Tenable.io product.

    The Tenable.io Compliance Results Integration and the Tenable.io Compliance Results Backfill Integration are inactive by default.

    To activate them:
    1. Navigate to Tenable Vulnerability Integration > Administration > Integrations.
    2. On the Tenable Integrations list, click an integration name to open the record and select the Active check box to enable it. You might prefer to leave the schedule settings at their default values for these integrations to start.
    Table 1. Tenable.io integrations
    Integration Description
    Tenable.io Assets Integration
    • Retrieves all asset data, including asset tags, from the Tenable.io product and processes it in your instance.
    • Starting with v3.0, if the Tenable.io Compliance Results Integration is activated, you can import secure configuration assessment data along with imported asset data. This data can help you identify and respond to configuration-related vulnerabilities on your assets.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Asset API.
    • The output of this integration is discovered items.
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.
    • Starting with v2.2, Last Scan Time is imported and updated only for assets that have vulnerabilities.
    Tenable.io Compliance Results Integration
    • Starting with v3.0, imported secure configuration assessment data from the Compliance Results Integration along with imported data from the Assets Integration can help you identify and respond to the configuration-related vulnerabilities on your assets.
    • If enabled, retrieves high-level secure configuration assessment data and processes it in your ServiceNow AI Platform instance. Imported data includes test results along with policies, configuration tests (controls) and citations with authoritative sources.
    • Assessment data for missing assets or assets without asset IDs is not imported.
    • If a test result is imported and its corresponding asset cannot be matched in your instance, the test result is ignored and the ID for the missing asset is stored in a temporary record in the [sn_vul_tenable_missing_asset] table.
    • The total value of ignored (missing) assets is listed in the Ignored CIs field on the Configuration tab on the integration run record for this integration.
    Tenable.io Compliance Results Backfill Integration
    • When activated, this integration runs automatically after the assets integration is successfully completed as part of a chained integration run. This integration matches configuration assessment data with missing assets listed on the [sn_vul_tenable_missing_asset] table.
    • Imports up to 200 asset IDs for any missing assets discovered or present in the instance after the assets integration import is successfully completed.
    • Removes the temporary records from the [sn_vul_tenable_missing_asset] table when assets can be matched with corresponding configuration assessment data.
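The Compliance Results and Backfill flow described above, modelled in plain JavaScript as an added example; it is not ServiceNow or Tenable code. The record shapes, the function names, and the reading of the 200-ID limit as a per-run cap are assumptions made for illustration.

```javascript
// Added illustration: a plain-JavaScript model of the flow described above.
// Not ServiceNow or Tenable code; record shapes (assetId, test) are hypothetical.
const BACKFILL_LIMIT = 200; // from the page: backfill imports up to 200 asset IDs

// Compliance Results run: keep results whose asset matches a CI, park the rest.
function importComplianceResults(results, knownAssets, missingAssets) {
  const imported = [];
  for (const r of results) {
    if (!r.assetId) continue;                 // no asset ID: never imported
    if (knownAssets.has(r.assetId)) {
      imported.push(r);
    } else {
      missingAssets.add(r.assetId);           // models [sn_vul_tenable_missing_asset]
    }
  }
  return { imported, ignoredCis: missingAssets.size };
}

// Backfill run (after a successful assets run): retry up to 200 parked asset IDs.
// refetch(assetId) stands in for re-requesting that asset's assessment data.
// Assumption: the 200-ID limit applies per run.
function runBackfill(missingAssets, knownAssets, refetch) {
  const batch = [...missingAssets].slice(0, BACKFILL_LIMIT);
  const imported = [];
  for (const assetId of batch) {
    if (!knownAssets.has(assetId)) continue;  // still unmatched: record stays
    imported.push(...refetch(assetId));
    missingAssets.delete(assetId);            // matched: temporary record removed
  }
  return { imported, remaining: missingAssets.size };
}

// Constructed sample data: 2 known assets, 250 unknown ones, 1 result with no ID.
function demo() {
  const known = new Set(["a-1", "a-2"]);
  const missing = new Set();
  const results = [{ assetId: "a-1", test: "t1" }, { assetId: null, test: "t2" }];
  for (let i = 0; i < 250; i++) results.push({ assetId: `m-${i}`, test: "t3" });
  const first = importComplianceResults(results, known, missing);
  for (let i = 0; i < 250; i++) known.add(`m-${i}`); // assets run creates the CIs
  const refetch = (id) => [{ assetId: id, test: "t3" }];
  const run1 = runBackfill(missing, known, refetch);
  const run2 = runBackfill(missing, known, refetch);
  return { first, run1, run2 };
}
```

Under these assumptions, 250 parked asset IDs take two backfill runs to drain, so a large Ignored CIs count after the first compliance import does not clear in a single chained run.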
    Tenable.io Scan Credential Integration
    • This integration retrieves the scan credentials configured in Tenable.io.
    • Coordinates the REST message calls to the Credentials API.
    • The output of this integration is scan credentials populated in the [sn_vul_tenable_scan_credential] table.
    • The imported credentials are used to access the scanner when scan requests are initiated from the ServiceNow AI Platform.
    • This integration is scheduled to run weekly.
    Tenable.io Template Integration

    A template record is sent to Tenable.io during rescan. This integration retrieves available Tenable.io credentials to use for rescans. Credentials are instance-specific, and a single template record is imported and securely stored temporarily on the [sn_vul_tenable_io_template] table.

    Tenable.io Plugin Integration
    • Retrieves the plugin data from the Tenable.io product. Retrieved data are based on the date the plugins were last updated by a Tenable.io integration run.
    • This import ensures that the Tenable.io Identifiers (Ten IDs) are current.
    • Coordinates the REST message calls to the Plugin API.
    • The output of this integration is third-party vulnerabilities.
    Tenable.io Fixed Vulnerabilities Integration
    • Retrieves vulnerability data based on severity filters from the Tenable.io product and processes it in your instance. Vulnerable items are created for detection records which are in the Open and Reopened states, because these records require remediation. Existing vulnerable items are updated by Vulnerability Response if detections are Fixed, but vulnerable items are not created for Fixed detections by default, because Tenable considers Fixed vulnerabilities Mitigated.
    • When the flag Create vulnerable items for Fixed Vulnerability detections is activated in Setup Assistant, new VIs are created in the Fixed state so you have visibility into the detections that created them. Since VIs are created for Fixed detections that do not already exist in your instance, this might negatively impact your import performance. You may prefer to leave this feature deactivated so that Fixed detections only update the states of existing vulnerable items.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Vulnerabilities API.
    • The output of this integration is Closed/Fixed vulnerable items (VIs). It also creates assets and third-party entries if they don't exist.
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.

    This integration run is scheduled. It is a chained integration, which means after a run is successfully completed, the open vulnerabilities integration described below is triggered.

    Starting from Tenable v3.3, you can view the following information for the vulnerability integration runs:
    • Total chunks: Total number of chunks being generated by Tenable
    • Available chunks: Number of chunks available for download for ServiceNow
    Tenable.io Open Vulnerabilities Integration
    • This integration is triggered upon successful completion of the Tenable.io Fixed Vulnerabilities Integration.
    • Retrieves vulnerability data based on the severity filters from the Tenable.io product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs with the network partition identifier attribute for assets across your environment that share the same IP address.
    • Coordinates the REST message calls to the Vulnerabilities API.
    • The output of this integration is New/Reopened vulnerable items (VIs). It also creates configuration items and third-party entries if they don't exist. Tenable considers active vulnerabilities Cumulative (current).
    • Data is imported in chunks and stored in the [sn_vul_tenable_chunk_status] table. Table cleaner automatically removes stored data from this table after 30 days.
    Starting from Tenable v3.3, you can view the following information for the vulnerability integration runs:
    • Total chunks: Total number of chunks being generated by Tenable
    • Available chunks: Number of chunks available for download for ServiceNow
    Tenable.io/scan Metadata Integration

    This integration retrieves metadata from the /scans endpoint. It pulls scan information based on the last_schedule_id from the existing asset data in Tenable.io.

    The integration of the /scans endpoint from Tenable.io involves the following implementation steps:
    • Table Creation: A new custom table, sn_vul_tenable_scan, is created to store scan metadata retrieved from the Tenable.io/scans endpoint. This includes details such as scan ID, name, status, start time, end time, and scan type.
    • Data Association: A reference field is established between discovered items (configuration items or vulnerabilities) and the corresponding latest scan record in the sn_vul_tenable_scan table. This linkage allows you to:
      • View the most recent scan information associated with each discovered item.
      • Improve context for vulnerability triage and remediation decisions.
      • Enhance auditability and reporting capabilities by maintaining a historical record of scan activities.