Tenable.cs integrations with the Vulnerability Response and Container Vulnerability Response application

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Tenable.cs integrations with the Vulnerability Response and Container Vulnerability Response application

    The Tenable.cs integrations are available within ServiceNow's Vulnerability Response and Container Vulnerability Response applications, starting with Vulnerability Response version 20.0 (Yokohama release). These integrations enable automated ingestion and processing of container and host vulnerability data from Tenable.cs, ensuring authentic scan results and comprehensive vulnerability management.

    Show full answer Show less

    Key Features

    • Multi-source support: Allows deployment of multiple Tenable.io, Tenable.sc, and Tenable.cs integration instances via the Setup Assistant, supporting scalable and flexible vulnerability data collection.
    • Agent existence indicator: The "Agent exists" column in the Discovered Items list flags assets scanned by an agent with "true," confirming authenticity of the scan.
    • Cloud-based integration: Tenable.cs integrations utilize REST APIs to retrieve container assets, container vulnerabilities, and host vulnerabilities, processing and updating Configuration Items (CIs) in ServiceNow accordingly.
    • Chained integration runs: Container vulnerability integrations run sequentially for open and fixed vulnerabilities, enabling automated lifecycle tracking from discovery through remediation.
    • Asset and vulnerability data processing: Integrations create or update unique CIs for unmatched or existing assets, including container images, Docker images, container repositories, image findings, third-party entries, and Common Vulnerabilities and Exposures (CVEs).
    • State management: Vulnerability detections are created in open or closed states depending on whether the vulnerabilities are new/reopened or fixed.
    • User authentication support: For Tenable.sc integrations, user authentication tokens are managed automatically, with expired tokens refreshed in the background without interrupting integration runs.

    Practical Benefits for ServiceNow Customers

    • Automates vulnerability data collection from Tenable.cs, reducing manual effort and improving data accuracy.
    • Supports comprehensive tracking of container and host vulnerabilities, enabling prioritized remediation workflows within ServiceNow.
    • Ensures data authenticity by indicating which assets are scanned by agents.
    • Facilitates scalable integration deployment with multi-instance support.
    • Maintains seamless integration operation with automatic token refresh for Tenable.sc user authentication.

    Usage Considerations

    Customers should deploy and configure these integrations via the Setup Assistant in Vulnerability Response and ensure appropriate severity filters are set to control vulnerability data volume. The chained integrations require successful completion of preceding steps to trigger subsequent data retrieval. Monitoring the Vulnerability Integration Run records can help confirm integration health, with token expiration messages indicating automatic background refresh rather than errors.

    The Tenable.cs integrations in the Vulnerability Response Integration with Tenable application are available in the Vulnerability Response and Container Vulnerability Response applications.

    Starting with v20.0 Vulnerability Response, if an asset is scanned by an agent, the "Agent exists" column in the Discovered Items list displays "true," indicating that the scan is authentic.

    List of Tenable.cs integrations

    Multi-source is supported for all the Tenable.io, Tenable.sc, and Tenable.cs integrations. You can add and deploy multiple instances of the following integrations across your environment from Setup Assistant in Vulnerability Response. You can also install and configure the Vulnerability Response Integration with Tenable application from Setup Assistant.

    Tenable.cs is a cloud-based enterprise integration. See the following table for the names and descriptions of the supported integrations for the Tenable.cs product.

    Table 1. Tenable.cs integrations
    Integration Description
    Tenable.cs Cloud Container Assets Integration
    • Retrieves all container asset data from the Tenable.cs product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs. Coordinates the REST message calls to the Asset API.

    The output of this integration is Discovered Container Images, Docker Images, and Container Repositories.
    Tenable.cs Open Cloud Container Vulnerabilities Integration When activated, this integration runs automatically after the container assets integration is successfully completed as part of a chained integration run.
    • Retrieves container vulnerability data based on the severity filters from the Tenable.cs product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs.
    • Coordinates the REST message calls to the Vulnerabilities API.

    The output of this integration is New/Reopenedcontainer vulnerable items (CVIs). If they don't exist, it also creates discovered container images, docker images, container repositories, image findings, third-party entries, and Common Vulnerabilities and Exposures (CVE).
    Tenable.cs Fixed Cloud Container Vulnerabilities Integration This integration is triggered on successful completion of the Tenable.cs Open Cloud Container Vulnerabilities Integration.
    • Retrieves container vulnerability data based on the severity filters from the Tenable.cs product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs
    • Coordinates the REST message calls to the Vulnerabilities API.

    The output of this integration is New/Reopened container vulnerable items (CVIs). If they don't exist, it also creates discover container images, docker images, container repositories, image findings, third-party entries, and CVEs. Image findings are created in closed state.
    Tenable.cs Open Cloud Host Vulnerabilities Integration
    • Retrieves vulnerability data based on the severity filters from the Tenable.cs product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs.
    • Coordinates the REST message calls to the Vulnerabilities API.

    The output of this integration is New/Reopened vulnerable items (VIs). If they don't exist, it also creates configuration items, third-party entries, and CVEs. Vulnerability Detections are created in open state.
    Tenable.cs Fixed Cloud Host Vulnerabilities Integration This integration is triggered on successful completion of the Tenable.cs Open Cloud Host Vulnerabilities Integration.
    • Retrieves vulnerability data based on the severity filters from the Tenable.cs product and processes it in your instance.
    • Creates unique CIs for unmatched assets, or updates existing CIs.
    • Coordinates the REST message calls to the Vulnerabilities API.

    The output of this integration is close vulnerable items (VIs). If they don't exist, it also creates configuration items, third-party entries, and CVEs. Vulnerability Detections are created in closed state.

    User authentication and Tenable.sc

    User authentication is supported by your ServiceNow AI Platform® instance and version 5.13 of the Tenable.sc product. User authentication is required if you’re using version 5.12 and earlier of the Tenable.sc product.

    When you select user authentication for the Tenable.sc integrations, tokens might expire and be replaced during integration runs. In the Notes column on the Vulnerability Integration Run record (VIN), the following message is displayed for a process when a token expires, Error: Token validation is failed. If this message is displayed, no action is required. Expired tokens are automatically refreshed in the background and the message doesn’t indicate a pause or error with the integration process.