Preparing for the Tenable Vulnerability Integration

  • Release version: Zurich
  • Updated July 31, 2025
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Preparing for the Tenable Vulnerability Integration

    This guide outlines the essential preparation steps for ServiceNow customers to successfully install and configure the Vulnerability Response Integration with Tenable application on their ServiceNow AI Platform® instance. Proper planning ensures smooth data import and integration with Tenable products, specifically Tenable.sc and Tenable.cs.

    Show full answer Show less

    Key Preparation Tasks

    • Prerequisites: Ensure the Vulnerability Response application (version 12.1 or later) is installed and activated before adding the Tenable integration.
    • Supported Tenable Versions: The integration supports Tenable.sc starting from version 5.13 and Tenable.cs from 5.0.1 onward.
    • Capacity Planning: Estimate the expected volume of vulnerable items to import and confirm your ServiceNow instance can handle this load to avoid performance issues. Contact ServiceNow Technical Support if unsure.
    • User and Role Setup: Assign appropriate roles such as system admin, vulnerability admin (snvul.vulnerabilityadmin), and integration-specific roles (snvultenable.configureintegration and snvultenable.readintegration) to manage and configure the integration effectively.
    • Groups: Use the default Vulnerability Response group or create new groups and assign users accordingly for streamlined management and remediation tasks.
    • Performance Optimization: Consider disabling vulnerability calculators and notification-related business rules before the initial import to improve system performance.
    • Integration Requirements: Verify that necessary plugins and features such as the IntegrationHub plugin are installed and activated to enable external API calls and REST protocols.
    • MID Server Usage: For Tenable.sc, use a MID Server if your Tenable product and ServiceNow instance are in different environments; it is optional if both are in the same environment.
    • Credentials: Obtain Tenable account credentials with appropriate access rights—Tenable.io requires at least basic user permissions (permission attribute 16) as of version 3.8 of the integration; Tenable.sc requires Security Analyst or Manager access.

    Next Steps

    Once all preparation tasks are complete, proceed to install the Vulnerability Response Integration with Tenable application using the ServiceNow Setup Assistant. If migrating from the older Tenable-built integration, review the migration guidelines to ensure data cleanup and transition are handled correctly.

    Prepare for the ServiceNow® Tenable Vulnerability integration by performing the following setup tasks.

    Before you begin

    A successful integration requires planning and careful execution of pre-integration tasks. For a smooth installation and configuration of the Vulnerability Response Integration with Tenable application, you may prefer to print the following checklist and verify the items listed are completed before you install the application and import vulnerability data into your ServiceNow AI Platform® instance.

    Note:
    If you have been importing data with the Tenable-built integration, and you want to start using the ServiceNow® Vulnerability Response Integration with Tenable, see the

    For current data cleanup and migration information from the Tenable-built integration to the integration built by ServiceNow, see the Guidelines to migrate from the Tenable Vulnerability Response Integration to the ServiceNow Vulnerability Response Integration with Tenable [KB0960667] article.

    Role required: Admin to download and install the application.

    Task Description
    (Optional) If not already installed and activated, you may prefer to install the Vulnerability Response application prior to installing the third-party application.

    For more information about installing and activating the Vulnerability Response application, see, Install Vulnerability Response. This integration requires version 12.1 of Vulnerability Response or later.

    If you don't already have it on your instance, get entitlements and download the Vulnerability Response Integration with Tenable application to your ServiceNow AI Platform® instance. The Vulnerability Response Integration with Tenable application supports the Tenable.sc product starting with version 5.13 and Tenable.cs product starting with version 5.0.1.

    .

    Estimate the number of vulnerable items that you expect to import.

    Verify that your instance can accept the number of vulnerable items you expect to import. An undersized instance can lead to long load times. If you don’t know the size of your instance, or, if you need assistance, contact ServiceNow® Technical Support.

    Verify that you have groups or users to manage the integrations and remediate vulnerable items.

    admin
    The system admin uses Setup Assistant to install the Vulnerability Response Integration with Tenable application. If not assigned, the admin assigns the vulnerability admin (sn_vul.vulnerability_admin) and other roles in Setup Assistant.
    sn_vul.vulnerability_admin
    Once assigned, the vulnerability admin completes the configuration of the Tenable integrations. This role has complete access to the Vulnerability Response (VR) application and its records. Configures all VR applications and rules and configures third-party integrations.
    sn_vul_tenable.configure_integration
    Can configure the Tenable Vulnerability Integration. This role contains the sn_vul_tenable.read_integration granular role.
    sn_vul_tenable.read_integration
    Can view (read) records of the Tenable Vulnerability Integration.
    Vulnerability Response group
    By default, the Vulnerability Response group is available in Setup Assistant. Users assigned to the Vulnerability Response group inherit the sn_vul.read_all and sn_vul.remediation_owner roles automatically.

    The system admin performs the initial assignment of roles to users and groups in Setup Assistant for the integration. By default, the Vulnerability Response group is available. If not already created, you may prefer to create additional groups and add users with the User Administration module in your instance prior to using Setup Assistant. See Create a user group.

    Persona and granular roles are available to help you manage what users can do and see in the Vulnerability Response application. For initial assignment of the persona roles in Setup Assistant, see Assign the Vulnerability Response persona roles using Setup Assistant.

    To promote improved performance for your first import, you may prefer to disable certain features, rules, or jobs in your instance.

    • Disable vulnerability calculators if you don’t use them. These calculators, plus any you have defined, run every time a vulnerable item record is created or updated. See Disable vulnerability calculators.
    • During the initial import of records, certain notification-related business rules can cause many notifications to be generated, impacting performance. Prior to your initial import, you may prefer to Disable notification-related business rules as described in Import modifications for the Tenable Vulnerability Integration.

    Verify you have enabled any features, rules, dependency plugins, or jobs in your instance required for the integration.

    • Tenable.sc is an on-premises integration that gives you the option to use a MID Server if the Vulnerability Response Integration with Tenable product and your ServiceNow AI Platform instance are in the same environment. If the Tenable.sc product and your ServiceNow AI Platform instance aren’t in the same environment, you’re required to use a MID Server. For more information about MID Servers in your instance, see MID Server.
    • Verify the IntegrationHub plugin is installed and activated. This plugin enables base system components to call external systems using integration APIs and activates protocol steps like REST.

      Navigate to System Applications > All Available Applications > All and locate the plugin. If not installed in your instance, install and activate it.

    Obtain Tenable credentials.

    Verify you have any account names, passwords, and other service information required by your Tenable products so that you have access to them.

    Tenable.io requires Administrator access with a permission attribute greater than or equal to 64. Tenable.sc requires Security Analyst or Manager access.

    Note:
    Starting with v3.8 of Vulnerability Response Integration with Tenable, accessing Tenable.io no longer needs administrator privileges. A basic user with a permission attribute equal to 16 can also access the product.

    You’re ready to Install the Vulnerability Response Integration with Tenable application using Setup Assistant.