Configure the app

Configure connectors and set up CI matching rules to get Tenable running.

  • Use queries to control the vulnerability types you see in ServiceNow.
  • Define CI matching rules to correlate vulnerable items to existing CIs.

With the application installed into your ServiceNow instance, you’re almost ready to start pulling in data from your Tenable SecurityCenter.

In this stage, you’ll configure your connectors, schedule an import, run your queries, and set up your CI matching rules.

Step 1: Activate your integration

  1. From your ServiceNow instance, browse to Tenable > Setup and Configuration > Settings.
  2. Select Activate the Tenable Integration, and click Update.

Figure 9: Activation check box

Alternatively, instead of clicking Update, you can right‑click the gray bar at the top of the page and then click Save. Save keeps the record open after saving it; Update saves the record and closes it.

Step 2: Configure your connectors

  1. In the Application Navigator, browse to Tenable ‑ SecurityCenter > Connectors.
  2. On the Tenable Connectors (Connectors) form, click New.
  3. Configure the connector with your Tenable SecurityCenter and MID Server information and click Submit. You can add multiple connectors if you have multiple instances of Tenable SecurityCenter.

Figure 10: Tenable Connectors form

Step 3: Schedule an import

  1. In the Application Navigator, browse to Tenable > Scheduled Imports.
  2. On the Tenable Scheduled Imports (Scheduled Imports) form, click New.
  3. In the Initial Run ‑ Historical Data field, specify how far back (in days) to import when this scheduled import runs for the first time. For example, if you select Within 30 days, vulnerabilities that were observed 12 or 24 days ago are imported into ServiceNow. After the first import, the Security Operations app only requests new data that hasn’t yet been imported.

Figure 11: Tenable Scheduled Imports form

Step 4: Select your Tenable query 

Remember when you created the query in your Tenable SecurityCenter a few steps back? This is when you’re going to use it! In the Tenable Query field, select the query you configured in Stage 1, then click Submit. This is the primary method to control what types of vulnerabilities you want to see in ServiceNow.

Figure 12: Tenable Query field

If you don’t see any queries available, navigate back to Tenable ‑ SecurityCenter > Connectors and click Update Queries for this Connector to fetch them.

Expert Tip

To launch the import instantly, right‑click the top gray bar and click Save. Then click Execute Now.

Step 5: Set up your CI matching rules

Browse to Tenable > CMDB > CI Matching Rules. This is where you can define matching rules so the incoming analysis, plugin, and asset data from Tenable can be used to correlate a vulnerable item to an existing configuration item in the CMDB. If no match is made, Tenable creates a "Tenable Discovered Item" CI list.

Figure 13: CI rule matching script
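The matching behaviour described above, sketched as an added example (not the Tenable app's own script): rules are tried in order, each must identify exactly one CI, and anything left over falls back to a discovered-item record. The field names (`fqdn`, `mac`, `ip`, `sys_id`), the rule order and the sample inventory are assumptions made for illustration.

```javascript
// Added illustration of ordered CI matching with a fallback record.
// Field names, rule order and data are assumptions, not the app's schema.

// Normalize identifiers so cosmetic differences do not defeat a match.
const norm = {
  fqdn: v => (v || '').trim().toLowerCase().replace(/\.$/, ''),
  mac:  v => (v || '').toLowerCase().replace(/[^0-9a-f]/g, ''),
  ip:   v => (v || '').trim(),
};

// Rules are tried in order, most specific identifier first.
const RULES = ['fqdn', 'mac', 'ip'];

function matchCI(asset, cmdb) {
  for (const field of RULES) {
    const wanted = norm[field](asset[field]);
    if (!wanted) continue; // the scan did not report this identifier
    const hits = cmdb.filter(ci => norm[field](ci[field]) === wanted);
    if (hits.length === 1) {
      return { matched: true, rule: field, ci: hits[0].sys_id };
    }
    // 0 hits: try the next rule. More than 1 hit is ambiguous (for example
    // a reused address), so do not guess: attaching a vulnerable item to
    // the wrong CI sends remediation to the wrong owner.
  }
  // No rule produced a unique CI: park the asset for manual triage.
  return { matched: false, rule: null, ci: 'Tenable Discovered Item' };
}

// Constructed sample inventory, not real data.
const CMDB = [
  { sys_id: 'ci-001', fqdn: 'web01.corp.example',  ip: '10.0.0.5', mac: '00:1A:2B:3C:4D:5E' },
  { sys_id: 'ci-002', fqdn: 'db01.corp.example',   ip: '10.0.0.9', mac: '00:1A:2B:3C:4D:5F' },
  { sys_id: 'ci-003', fqdn: 'old-db.corp.example', ip: '10.0.0.9', mac: '' },
];

// Constructed scan results exercising each outcome.
const SCANNED = [
  { fqdn: 'WEB01.Corp.Example.', ip: '10.9.9.9' },  // unique hostname match
  { mac: '00-1a-2b-3c-4d-5f', ip: '10.0.0.9' },     // MAC resolves a shared IP
  { ip: '10.0.0.9' },                               // IP alone is ambiguous
];
for (const asset of SCANNED) console.log(asset, '->', matchCI(asset, CMDB));
```

A growing count of unmatched assets is usually a sign that the rules or the CMDB data need attention, since vulnerable items parked there have no owning CI to route remediation to.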

Optionally, you can also push asset data from the CMDB to Tenable SecurityCenter. To do so, browse to Tenable > CMDB > CMDB to Tenable Asset Groups. Then create your asset groups within Tenable.

Figure 14: Asset Groups in Tenable

Step 6: Confirm your vulnerabilities imported

To confirm that your Tenable vulnerabilities were imported:

  1. Browse to Vulnerability > Vulnerable Items.
  2. Select Vulnerabilities from the Go to drop‑down list. In the field to the right, type TNS and then press Enter or Return on your keyboard. This is the prefix used by all vulnerabilities imported from Tenable SecurityCenter.

Figure 15: Confirming your vulnerabilities imported

Expert Tip

You can also view all imported vulnerabilities at Vulnerability > Libraries > Third Party, or search for those with a TNS prefix.

For more information on how to work with vulnerable items, check out the ServiceNow Vulnerability Response page.
