Set additional filter parameters for Tenable.io imports

  • Release version: Xanadu
  • Updated February 5, 2025
  • 1 minute to read

    • Customize the filtering parameters for your scheduled queries with the Tenable Vulnerability Integration to help you further refine the vulnerability data you import with the Tenable.io product.

    Before you begin

    Use cases: As a vulnerability manager or analyst, you might want to filter out data from your queries so that you can review only specific vulnerability details. For example, say you want to view imported vulnerabilities that are filtered by cidr_range, num_assets, indexed_at, and plugin_family. Or, say you want to run a Tenable.io integration such that one run imports only critical vulnerabilities every four hours, and another runs every 24 hours to fetch all the other non-critical vulnerabilities.

    To help you gather this data, you might add tenable-supported parameters to help you import the specific vulnerability details you need.

    Without adding additional API calls or coding, this feature permits you to customize your HTTP Request information with Tenable parameters in your ServiceNow AI Platform. The following Tenable.io Integrations support filtering by providing JSON content in the request body:
    • Assets Integration
    • Fixed Vulnerability Integration
    • Open Vulnerabilities Integration

    You should know how to use JSON strings for this feature.

    Role required: sn_vul.vulnerability_admin

    Procedure

    1. Locate the parameters supported by the Tenable.io product on the developer site that you want to use for your filtering.

      Parameters and values you enter from the Tenable.io product are supported only at the integration instance level.

    2. Navigate to All > Tenable Vulnerability Integration > Administration > Integrations.
    3. On the Tenable Integrations list page, click the record for the Tenable.io integration that you want to open.
    4. With the Tenable REST methods tab selected, click the information icon (I) for REST method followed by Open Record.
    5. Select the HTTP Request tab.
    6. To edit the record, at the top of the page, click the link in, To edit the record click here.
    7. In the REST Method record in the Content field, enter the JSON content that you want as part of the request body.

      As an example, you might set the severity parameter for imported vulnerabilities as, {"filters": {"severity": ["critical"]}} for the Tenable.io Assets Integration so it imports only critical vulnerabilities (CVSS score of 10.0).

      If you want to enter more than one parameter, refer to the Tenable.io documentation for more information about how to separate each value.

    8. Click Update.