Tenable Vulnerability Management

Tenable Vulnerability Management (VM) is a suite of cloud vulnerability management products that can export findings into PlexTrac via API.

Multiple integrations can be configured per instance or for specific clients.

This is a licensed feature.

Field Mappings

Below are the field mappings from Tenable to PlexTrac, broken up by findings and assets.

Tables include the following columns:

Tenable VM Field: the field name in Tenable VM
Direction: displays the direction in the flow of data occurring for the integration
PlexTrac Field: the field name in PlexTrac

PlexTrac only imports vulnerabilities that Tenable has not archived.

Findings Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Tenable VM Field	Direction	PlexTrac Field
Vulnerability Name	-->	Finding Name
Description	-->	Description
Solution	-->	Recommendations
See Also	-->	References
Status
Active	-->	Finding="OPEN"
New	-->	Finding="OPEN"
Severity
Info	-->	Informational
Low	-->	Low
Medium	-->	Medium
High	-->	High
Critical	-->	Critical
CVE	-->	CVE
CVSS3	-->	Score Type
CVSS3	-->	Score Vector
CVSS3	-->	CVSS Score
Vulnerability Tags	-->	Finding Tags
Plugin ID	-->	Custom Field "Tenable Plugin ID"
Scan ID	-->	Custom Field " Tenable Scan ID"
VPR	-->	Custom Field "Tenable VPR"
Exploit Available	-->	Custom Field "Tenable Exploit Available"
Vulnerability Synopsis	-->	Custom Field "Tenable Synopsis"
Threat Intensity	-->	Custom Field "Tenable Threat Intensity"
Exploit Code Maturity	-->	Custom Field "Tenable Exploit Code Maturity"
Age Of Vuln	-->	Custom Field "Tenable Age Of Vuln"
Product Coverage	-->	Custom Field "Tenable Product Coverage"
CVSS Impact Score	-->	Custom Field "CVSS Impact Score
Plugin Family	-->	Custom Field " Tenable Plugin Family"
Plugin Type	-->	Custom Field "Tenable Plugin Type"
Scan Completed At	-->	Custom Field "Tenable Scan Complete Date"
THREAT SOURCES	-->	Custom Field "Tenable Threat Sources"

Tenable VM Field

Direction

PlexTrac Field

Vulnerability Name

-->

Finding Name

Description

-->

Description

Solution

-->

Recommendations

Assets Field Mappings

If a field is not listed, then PlexTrac does not currently import.

Tenable VM Field Direction PlexTrac Field Notes

Tenable VM Field	Direction	PlexTrac Field	Notes
Plugin Output	-->	Affected Asset "Evidence"
Asset Name	-->	Asset Name	PlexTrac searches for the first known value in the following order: `FQDN` > `Hostname` > `ipv4` > `ipv6` > `asset_uuid`
IP	-->	Know IP Address
Hostname	-->	Host Name
Operating System	-->	Operating System
Fully Qualified Domain Name	-->	FQDN
MAC Address	-->	MAC Address
Tags	-->	Asset Tags
Port	-->	Affected Ports-Port
Protocol	-->	Affected Ports -Protocol

Plugin Output

-->

Affected Asset "Evidence"

Asset Name

-->

Asset Name

PlexTrac searches for the first known value in the following order: FQDN > Hostname > ipv4 > ipv6 > asset_uuid

-->

Know IP Address

Hostname

-->

Host Name

Operating System

-->

Operating System

Fully Qualified Domain Name

-->

FQDN

MAC Address

-->

MAC Address

Deduplication Logic

PlexTrac will not import findings from Tenable that have the same combination of plugin ID and severity.

Integrating Tenable

Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations."

Step 2: If licensed, the option to connect will appear (if not, the box will display a lock icon and "License required"). Click the Tenable box.

Step 3: Enter a connection name and select if this integration is across the tenancy or for a client (if specific to one client, select the client of the pulldown menu). Click Continue.

Step 4: Select "Connect to Tenable Vulnerability Management." Enter the Tenable URL, access key, and secret key. Click Continue.

Visit the Tenable documentation site for more information on generating API keys.

If the keys are correct, a confirmation message will confirm successful synchronization.

Step 5: Edit the field mappings on the provided tabs for findings and assets, or continue using the defaults.

Information flows only from Tenable to PlexTrac. Fields required by PlexTrac are identified with a red asterisk.

Fields that can be deleted will have an "X" next to the PlexTrac field when hovering over with the cursor. A confirmation message will appear after clicking X.

Configurable fields can be adjusted by clicking the purple line and deleting the existing connection.

Click on the Tenable field and the desired PlexTrac field to map and create a new connection.

Click Continue when finished.

The integration appears in the table as a listed connection.

Synchronizing

PlexTrac offers two synchronization options for Tenable integrations, allowing off-cycle syncs in addition to the regular hourly script.

Sync: This option allows an off-cycle synchronization off cycle and typically takes less than ten minutes.
Full Sync: This option looks at the complete Tenable database. It can be several hours, although it happens in the background and does not prevent using PlexTrac for other tasks.

Synchronization History

To view sync history, click Synch history under the actions menu of the integration.

Managing Integrations

Any existing integration can be disabled temporarily or deleted if no longer needed.

Disabling an Integration

To disable an integration, click the toggle button for the integration under the "Enabled" column. This action also disables the ability to synchronize the integration.

Deleting an Integration

To delete an integration, click the three dots under the "Actions" column and then Delete.

PreviousSnyk NextTenable Security Center

Last updated 1 month ago