Tenable.io is a suite of cloud vulnerability management products, including a scanner, which can directly import findings into PlexTrac via API.
This is a licensed feature. Contact your Account Manager to add this integration to your PlexTrac instance.
The Tenable.io to PlexTrac integration supports vulnerability management data that originated from Nessus remote scanners or other third-party solutions that have an integration to add assets and vulnerabilities to Tenable.io.
The following Tenable.io scans are NOT supported:
- Web Application Scanning
- Cloud Security v1
- Container Security v1/v2
- Attack Surface Management
Only one Tenable.io integration is allowed.
The Tenable integration is a micro service executed via a report findings import that involves the following process:
- PlexTrac's backend makes a request to the customer's Tenable.io instance
- PlexTrac's pulls the requested data
- PlexTrac transforms the data into a format that can be imported into the report
- PlexTrac imports the data into an existing report
Once the data has been imported, the user is alerted via the notification bell within PlexTrac. A notification is also sent if an import failure occurs.
Please reach out to [email protected] for more information on preparing your environment prior to completing the setup in the platform.
A Tenable.io API Access and Secret key that has Administrator  permissions will need to be generated before beginning this process. Visit Tenable's Generate API Keys page for more information.
Step 1: From the Admin Dashboard, click Integrations under "Tools & Integrations".
Step 2: If the tenant is licensed, the option to connect will appear (if not, the box will display a lock icon with "License required" next to it). Click the tenable.io box.
Step 3: Click Configure tenable.io Integration.
Step 4: Enter the Access Key and Secret Key. Unless hosting a PlexTrac instance, leave the Tenable Domain field blank. Click Save.
Step 5: The integration details appear on the page. Click Sync Now.
If the keys are correct no error message will appear and a confirmation message will confirm successful synchronization.
Once set up, findings can be imported into a report and instructions on this process can be found here.
Tags for Tenable.io are handled as AND, so if multiple tags are selected, only findings that have ALL the tags will be imported. Any findings that only have one of the tags will NOT be imported.
For example: If "category1:tag1" and "category2:tag2" are selected, then only assets tagged with both will be returned.
If some tags are missing after import, try synchronizing again by clicking Synch Now as described in Step 5 above.