Configure the Tenable Vulnerability Integration using Setup Assistant
After you have installed the Vulnerability Response Integration with Tenable application, configure it using the Setup Assistant.
Before you begin
Use the following sections to supplement the instructions and prompts provided in Setup Assistant for the Vulnerability Response Integration with Tenable integration.
- Verify you have already installed the application before you begin. For more information, see Install Vulnerability Response third-party applications using Setup Assistant.
- See Preparing for the Tenable Vulnerability Integration for more information before you configure Tenable for Vulnerability Response.
- Verify you have any third-party account credentials available. They’re required to edit some third-party applications.
Roles required: System Admin (admin) for installation, Vulnerability Admin (sn_vul.vulnerability_admin), or sn_vul.admin (deprecated), and Configure Integration (sn_vul_tenable.configure_integrations) for configuration.
Procedure
- If not displayed, navigate to All > Vulnerability Response > Administration > Setup Assistant > Integration Configuration > Scanner Integrations.
The Tenable.io, Tenable.sc, and Tenable.cs integrations are displayed.
Tenable is a multi-source integration, and you can have multiple deployments of the same third-party integration. The settings from your original third-party integration are used as a template for the settings of each new integration.
Note: If you delete the original vulnerability integration, you have to select another integration to use as your template. Consider disabling the integration instead of deleting it. Integrations created from disabled templates are disabled by default.
Data from each third-party integration is uniquely identified and available in a single instance of Vulnerability Response.
- To the right of the Tenable integration you want to configure, select Edit.
- In the Account Credentials form, fill in the fields.
- Tenable.io requires Administrator access with a permission attribute greater than or equal to 64.
Note: Starting with v3.8 of Vulnerability Response Integration with Tenable, accessing Tenable.io no longer needs administrator privileges. A basic user with a permission attribute equal to 16 can also access the product.
- Tenable.sc requires Security Analyst or Manager access.
- Tenable.cs requires a token with access to the Tenable CS Platform Generate token.
- Select your Tenable product.
- Enter your Tenable account name.
- In the Instance URL field, enter the URL for your Tenable platform.
- Select an authentication method (in case of Tenable.cs, proceed to step f).
Based on your version of Tenable.sc, you have two options for authentication:
- Starting with v5.13 of Tenable.sc, select API Key Authentication. Enter your Tenable Access and Secret Keys.
- Prior to v5.13, User authentication is supported by your ServiceNow AI Platform® instance and is required. Enter your ServiceNow AI Platform user name and password.
Only API key authentication is supported for Tenable.sc. Enter your Tenable Access and Secret Keys.
- Optional: Select a MID Server.
If your ServiceNow AI Platform instance and your Tenable.sc application aren’t in the same location, choose a configured MID Server from the list. For more information, see MID Server.
- Starting with v15.0 of Vulnerability Response and v3.0 of the Tenable Vulnerability Integration, you have the option to enable the Async_request parameter as described in Data retrieval settings for the Tenable Vulnerability Integration. If you want to make synchronous calls, some configuration with Tenable is required. Contact the Tenable product for help. Once activated, this parameter applies to all Tenable.sc integrations, and there’s a 30-second timeout. To view the fix scripts, navigate to System Definition > Fix Scripts.
- For existing customers, a fix script is available if you’re using asynchronous calls.
If your ServiceNow AI Platform instance and your Tenable.sc application are both on-premise, although not required, you have the option to select a configured MID Server from the list.
Note: Whether you choose to employ a MID Server or not, the integrations time out after five minutes, and a message is displayed when there’s no response from the server. If you get a timeout error, in Setup Assistant verify that you have entered the correct credentials and URL.
- Enter the API token.
Note: If you get an error for invalid credentials in the Setup Assistant, verify that you have entered the correct credentials and URL.
- Tenable.io requires Administrator access with a permission attribute greater than or equal to 64.
- Select Next to save your changes and proceed to the first integration form.
In case of Tenable.io and Tenable.sc, the Asset Import Configuration form is displayed. In case of Tenable.cs, the Container Asset Import Configuration form is displayed.
Note: The Container Asset Import Configuration form is visible only if Container Vulnerability Response is installed.
- On this form, activate or deactivate the Asset Import Integration, determine the initial start date for the assets you want imported, and schedule when the Tenable asset import should run.
For Tenable.io
- Assets Integration can be used with the Tenable.io Compliance Results and Compliance Results Backfill Integration to import secure configuration assessment data about your assets into the Configuration Compliance application.
- Version 12.2 of the Configuration Compliance application is required on your instance if you wish to import and view this secure configuration assessment data.
See Configuration Compliance imported data for more information about what data is imported with these integrations and where it’s posted.
- The Tenable.io Compliance Results and Compliance Results Backfill Integrations aren’t activated by default. If you activate them, you might prefer to use the default schedule settings provided. See the steps listed below for how to locate and activate integrations for the Tenable Vulnerability Integration.
- You can initiate a rescan on-demand for vulnerable items for the Tenable.io product from your instance. The Tenable.io Template Integration and the Tenable.io Scan Credential Integration are required to be activated prior to initiating rescans.
By default, these integrations are deactivated. When you enter your credentials for Tenable.io, all Tenable.io integrations are automatically activated. To manually activate or deactivate these integrations:
- Navigate to Tenable Vulnerability Integration > Administration > Integrations.
- On the list that is displayed, locate the Tenable.io integration records you want.
- Open each record and select the Active check box to activate the integration.
- Select Update to save your changes.
- Return to the Setup Assistant to continue with your configuration for the Tenable Vulnerability Integration with Vulnerability Response.
- For the Tenable.io integration, you also have the option to activate and deactivate the import of asset tags. Asset tags are imported by default and used for organizing and tracking the assets listed in your CMDB in the Tenable.io environment.
- For both the Tenable.io and Tenable.sc products, if you select Enable Lookup By Network Partition under Lookup By Network Partition, you can create individual CIs using the Identification and Reconciliation engine (IRE) for your assets that have the same IP address. See Update configuration items with the network partition identifier for the Tenable Vulnerability Integration and Creating CIs for Vulnerability Response using the Identification and Reconciliation engine for more information.
- For Tenable.io and Tenable.sc, at the top of the screen next to the Asset Import link, select the CI Lookup rules link to display the default configuration item (CI) lookup rules. CI Lookup Rules define how asset data from third-party sources is used to identify configuration items (CIs) in the ServiceNow AI Platform CMDB. You have the option to add lookup rules or modify the default CI lookup rules on this page. For more information, see CI lookup rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations.
- Select Import Assets Now to import data on-demand.
- The Advanced Settings link points you to the Asset Integration record. Starting with v3.3, you can add parameters that are supported by the Tenable.io product for your scheduled queries to help you filter the vulnerability data you import with the Tenable.io Assets, and the Fixed and Open Vulnerabilities Integrations. See Set additional filter parameters for Tenable.io imports for more information.
- Select Next to save your changes and proceed to the next form.
In case of Tenable.io and Tenable.sc, the Plugins Import Configuration form is displayed.
Note: For Tenable.cs, the Host Vulnerabilities Import Configuration form is displayed; continue from step 9 for further Tenable CS configuration.
- On the Plugin Import Configuration form, enable or disable the Plugins (Third-party Vulnerability Entries) Import, determine the initial start date for the plugins you want imported, and schedule when the Tenable Plugins import should run.
If you want to import all the plugins, vulnerabilities, and assets, leave the initial start date empty.
- Select Import Plugins Now to import data on-demand.
- The Advanced Settings link points you to the Plugins Integration record.
- For the vulnerabilities import, you can schedule and set severity levels for Tenable.io for the vulnerabilities that you want ingested. Determine a date so only the vulnerabilities created or updated starting with a specific date are imported.
- For the Tenable.sc integration, you can determine a query filter and a date so only the vulnerabilities created or updated starting with a specific date are imported.
- Select Next to save your changes and proceed to the next form.
The Vulnerabilities Import Configuration form is displayed. Enable or disable the integration and determine the initial start date for the vulnerabilities you want imported.
For the Tenable.io product:
- Import only the vulnerabilities and associated VIs that match the conditions you choose with the Severity filter.
- For the Tenable.io assets integration, Last Scan Time is imported and updated only for assets that have vulnerabilities.
- Enable the Fixed Vulnerabilities option to view VIs for fixed detection records. If this flag is enabled in Setup Assistant, new VIs are created for detections in the Fixed state that don’t exist in your instance. When enabled, this feature may negatively impact your ingestion performance.
- The Advanced Settings link next to Import Filters points you to the Vulnerabilities Integration record.
- Select the Import Schedules link at the top to configure how often vulnerabilities are ingested and enable the integration.
For the Tenable.sc product:
- Import only the vulnerabilities and associated VIs that match the condition filters set by a Tenable Query in the Tenable platform. See Tenable documentation for more information about Tenable queries.
The Tenable query filter that you select in the Setup Assistant also applies to the Tenable.sc Assets Integration. Only the assets with the vulnerabilities that match the conditions of the query filter are imported.
- Enable the Fixed Vulnerabilities option to view VIs for fixed detection records. If this flag is active in Setup Assistant, new VIs are created for detections in the Fixed state that don’t exist in your instance. When active, this feature may negatively impact your ingestion performance.
- To include the network partition identifier in the IP address lookup, select the Enable Lookup By Network Partition check box from the Lookup By Network Partition section. For more information, see Update configuration items with the network partition identifier for the Tenable Vulnerability Integration.
- Select Import Schedules at the top to configure how often vulnerabilities are ingested and enable the integration.
- The Advanced Settings link next to Import Filters points you to the Vulnerabilities Integration record.
- The ServiceNow® Tenable.sc Scan Credential Integration is enabled (Active) automatically from within the Setup Assistant in your instance when you configure the Tenable.sc Vulnerabilities integrations (Tenable.sc Open and Fixed Vulnerabilities Integrations).
This Integration imports and updates scanner credentials from the Tenable.sc product in your instance. This integration runs weekly to import and securely store your Tenable credentials data. Navigate to Tenable Vulnerability Integration > Integrations > Tenable.sc Scan Credential Integration to view more information about the Scan Credential Integration.
- Select Next on the Container Asset Import Configuration step.
The Host Vulnerabilities Import Configuration form is displayed. Enable or disable the integration.
- Import only the vulnerabilities and associated VIs that match the conditions you choose with the Severity filter.
- The Advanced Settings link next to Import Filters points you to the Vulnerabilities Integration record.
- Select the Import Schedules link at the top to configure how often vulnerabilities are ingested and enable the integration.
- At the top of the screen next to the Import Schedules link, select the CI Lookup rules link to display the default configuration item (CI) lookup rules. CI Lookup Rules define how asset data from third-party sources is used to identify configuration items (CIs) in the ServiceNow AI Platform CMDB. You have the option to add lookup rules or modify the default CI lookup rules on this page. For more information, see CI lookup rules for identifying configuration items from Vulnerability Response third-party vulnerability integrations.
- Select Next to save your changes and proceed to the next form.
Note: This step is only for Tenable.cs Product.
- Import only the container vulnerabilities and associated CVIs that match the conditions you choose with the Severity filter.
- The Advanced Settings link next to Import Filters points you to the Vulnerabilities Integration record.
- Select the Import Schedules link at the top to configure how often vulnerabilities are ingested and enable the integration.
- Container Vulnerabilities Import Configuration is seen only if Container Vulnerability Response is installed.
The Container Vulnerabilities Import Configuration form is displayed. Enable or disable the integration.
- Select Finish to save your changes and complete the configuration in Setup Assistant.
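For the Account Credentials step, the Tenable.io permission requirement depends on the integration version (64 before v3.8, 16 starting with v3.8). The following added example, which is not ServiceNow or Tenable code, checks service-account records against that requirement and flags accounts that exceed the stated minimum; the record layout, the permissions field name, and the account names are assumptions constructed for illustration.

```python
import json

# Minimum Tenable.io permission attribute as stated on this page:
# 64 (administrator) before v3.8 of the integration, 16 (basic user) from v3.8.
ADMIN, BASIC = 64, 16


def parse_version(text):
    """Turn '3.8' or 'v3.10.1' into a tuple so 3.10 compares above 3.8."""
    return tuple(int(part) for part in text.lstrip("vV").split("."))


def required_permission(integration_version):
    """Return the minimum permission attribute for this integration version."""
    return BASIC if parse_version(integration_version) >= (3, 8) else ADMIN


def review_account(account, integration_version):
    """Classify one service account for the Account Credentials step."""
    need = required_permission(integration_version)
    have = account.get("permissions")  # field name is an assumption
    if not isinstance(have, int):
        return "unknown", "no permission attribute in record"
    if have < need:
        return "insufficient", f"has {have}, integration needs >= {need}"
    if have > need:
        return "above-minimum", f"has {have}, page states {need} is enough"
    return "ok", f"has {have}, matches the stated minimum"


# Constructed sample records (hypothetical accounts, not real data).
SAMPLE = json.loads("""[
  {"username": "svc-snow-admin@example.test", "permissions": 64},
  {"username": "svc-snow-basic@example.test", "permissions": 16},
  {"username": "svc-snow-broken@example.test"}
]""")


def report(accounts, integration_version):
    """Map each account name to its classification."""
    return {a["username"]: review_account(a, integration_version)[0]
            for a in accounts}


if __name__ == "__main__":
    for version in ("3.7", "3.8"):
        print(version, report(SAMPLE, version))
```

An "above-minimum" result is a prompt to review whether the extra privilege is needed, not an error: the page states only that a basic user can also access the product starting with v3.8.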
What to do next
In the Vulnerability Calculator Rule form that is displayed, select the Active check box to enable it.
The Tenable Risk Rule is installed with the Vulnerability Response Integration with Tenable application as part of the Default Risk Calculator in the Vulnerability Calculators from Vulnerability Response. The Vulnerability Priority Rating (VPR) is an attribute from the Tenable product that is imported and used with the new default risk calculator. This risk rule is deactivated by default. By enabling the Tenable risk calculator rule, the imported VPR values are used to calculate the Risk Score for vulnerable items. The default weight distribution for this risk calculator is VPR = 70%, Asset = 15%, and Business Criticality = 15%. Enabling this Tenable Risk Calculator rule may impact your data ingestion performance.
See Vulnerability Response calculators and vulnerability calculator rules