REST messages for the Tenable Vulnerability Integration
Summarize
Summary of REST messages for the Tenable Vulnerability Integration
The ServiceNow® Tenable Vulnerability Integration uses a set of REST messages to interact with the Tenable API, enabling retrieval and management of vulnerability, asset, plugin, policy, scan, and credential data from various Tenable products including Tenable.io, Tenable.sc, and Tenable.cs. These REST messages form the core communication mechanism to fetch and submit data required for vulnerability management workflows within ServiceNow.
Show less
Key REST Messages and Their Roles
- Tenable.io Assets REST message: Retrieves asset information filtered by non-deleted and licensed status, supporting the Tenable.io Asset Integration.
- Tenable.io Plugins REST message: Retrieves plugin data used in the Tenable.io Plugin Integration, allowing detailed vulnerability context.
- Tenable.io Vulnerabilities REST message: Retrieves both open and closed vulnerabilities for comprehensive vulnerability tracking.
- Tenable.sc Queries REST message: Fetches query filter information for Tenable.sc asset and vulnerability integrations, essential for targeted data retrieval.
- Tenable.sc Plugins REST message: Retrieves plugin details for the Tenable.sc Plugins Integration, with a wide set of fields including CVSS scores, risk factors, and exploit information.
- Tenable.sc Vulnerabilities REST message: Retrieves vulnerability data and patched vulnerability status, ensuring up-to-date vulnerability insights from Tenable.sc.
- Tenable.sc Policy REST message: Adds policies for requested plugins used in scan requests, enabling customized scan configurations.
- Tenable.sc Scan REST message: Submits scan requests with defined policies, plugins, and IP addresses, facilitating vulnerability scanning operations.
- Tenable.sc Scan Result REST message: Retrieves detailed scan results using scan identifiers to analyze vulnerabilities detected in scans.
- Tenable.sc Scan Credentials REST message: Retrieves usable credentials from Tenable.sc necessary for authenticated scans.
- Tenable.cs GraphQl REST message: Retrieves container assets, host, and container vulnerabilities for the Tenable.cs Integration, supporting container security workflows.
Configuration and Impact
Changes to the REST message method records affect how requests are made to Tenable APIs and what data is retrieved or submitted. Specific parameters such as filters and fields are predefined to ensure relevant and efficient data exchange. For example, asset exports include filters to exclude deleted or unlicensed assets, and plugin queries specify detailed fields like CVSS vectors, risk factors, and exploit availability to provide rich vulnerability context.
Modifications to key parameters are generally not recommended unless necessary, as they directly impact data accuracy and integration behavior. Customers should manage these REST messages carefully to maintain the integrity of their vulnerability data and scanning operations within ServiceNow.
Practical Benefits for ServiceNow Customers
- Enables automated, granular retrieval of vulnerability, asset, plugin, and scan data from Tenable platforms.
- Supports comprehensive vulnerability management by integrating Tenable.io, Tenable.sc, and Tenable.cs data into ServiceNow workflows.
- Facilitates customized scanning and policy management through REST message-driven scan and policy requests.
- Ensures that only relevant, licensed, and usable data such as assets and credentials are imported, optimizing integration performance.
- Provides detailed vulnerability context including CVSS scores and exploit information to enhance risk prioritization and remediation efforts.
The ServiceNow® Tenable Vulnerability Integration REST messages are used to make calls to the Tenable API.
Tenable.io Assets REST message
- "is_deleted": false
- "is_licensed": true
Tenable.io Plugins REST message
The Tenable.io Plugins REST message retrieves Plugin information for the Tenable.io Plugin Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve plugins information.
Tenable.io Vulnerabilities REST message
The Tenable.io Vulnerabilities REST message retrieves vulnerability information for both Open and Closed vulnerabilities from the Tenable.io Vulnerability Integration. Changes to the REST message method record impact the requests made to Tenable.io to retrieve vulnerabilities information.
Tenable.sc Queries REST message
The Tenable.sc Queries rest message retrieves the query filter information for the Tenable.sc Asset integration and Tenable.sc vulnerabilities integration where the query filter is configured.
Tenable.sc Plugins REST message
The Tenable.sc Plugin REST message retrieves plugin information for the Tenable.sc Plugins Integration. Changes to the REST message Get Plugins method record impact the requests made to Tenable.sc to retrieve plugins information.
| Parameter name | Value | Description |
|---|---|---|
| type | active | Indicates the source Tenable pulls data from. Used by code. Changes aren’t recommended. |
| fields | id, description, cvssVector,cvssV3Vector, cvssV3TemporalVector, synopsis, cvssVector, baseScore,temporalScore, cvssV3Vector,cvssV3BaseScore, cvssV3TemporalScore, name, vprScore, vprContext, pluginPubDate, pluginModDate, xrefs, family, riskFactor, cpe, seeAlso, solution, exploitAvailable, exploitFrameworks, type, copyright, version, sourceFile, dependencies, requiredPorts, requiredUDPPorts, srcPort, dstPort,protocol, checkType, cvssVectorBF, stigSeverity, patchPubDate, patchModDate, vulnPubDate, modifiedTime, md5 | Indicates the list of fields imported from Tenable. |
Tenable.sc Vulnerabilities REST message
The Tenable.sc vulnerabilities REST message retrieves vulnerability information from the Tenable.sc Integration. Changes to the REST message Fetch Vulnerabilities or Fetch Patched Vulnerabilities method or, starting with v14.0 Vulnerability Response and v2.2 of the Tenable Vulnerability Integration, Fetch Backfill Vulnerabilities record impact the requests made to Tenable.sc to retrieve vulnerabilities information.
Tenable.sc Scan Credentials REST message
- Tenable.sc Policy REST message
- The Tenable.sc policy POST REST message adds a policy for requested plugins. Generated policy is used in Tenable.sc scan requests.
- Tenable.sc Scan REST message
- The Tenable.sc scan POST REST message adds a scan that is dependent on the access and permission defined in the request body of the rest message. It uses policy, plugin id, and IP(s) in the request body for the scan request.
- Tenable.sc Scan Result REST message
- The Tenable.sc Scan Result GET REST message provides scan details of the scan generated using the Scan REST message. It uses the scanResultId in the response of the scan REST messages and retrieves scan details for the triggered scan.
- Tenable.sc Scan Credentials
- The Tenable.sc scan credentials REST message retrieves the credentials information from Tenable.sc. Changes to the REST message 'Import' method record impact the requests made to Tenable.sc to retrieve the credentials information.
| Parameter name | Value | Description |
|---|---|---|
| fields | id,name,description,type | Indicates the list of fields imported from Tenable.sc |
| filter | usable | Indicates that the integration pulls only usable credentials from Tenable.sc
Changes to either of the parameters isn’t recommended. |
Tenable.cs GraphQl REST message: The Tenable.cs GraphQl REST message retrieves container asset information, host, and container vulnerability information for Tenable.cs Integration. Changes to the REST message Fetch Container Assets, Fetch Container Vulnerabilities, Fetch Compute Vulnerabilities method record impact the requests made to Tenable.cs to retrieve asset and vulnerabilities information.