Tenable.io Connector Guide

How to set up and use the Tenable.io connector in Ivanti Neurons.

Overview

The Ivanti Neurons platform supports client connector configurations to provide a scheduled upload of the Tenable.io vulnerability data. The connector configuration page will display the details of the latest connector data pull. This connector allows customers to gain visibility into their overall risk due to vulnerabilities in their hosts and web applications and enables a more straightforward, more efficient way to manage those vulnerabilities.

Tenable.io Overview

Tenable® Nessus® is a widely deployed vulnerability scanner that can help detect malware and identify vulnerabilities of assets and asset configurations.

Connector Configuration

Tenable.io Setup

The connector allows users to configure the number of historical days to initially upload into the platform. The default setting for Oldest Scan Data Pull is 30 days. However, it can pull scan data up to a year old. Data is imported to the specific group where an asset exists. When an asset is new, it is initially added to the Default group.

Configuring the Tenable.io Connector in Ivanti Neurons

Navigate to the Automate > Integrations page.

Tenable Connector - Integrations Page Location

Using the search bar in the upper-right corner of the Integrations page, type tenable.io to find the connector.

Tenable Connector - Search for Connector

Locate tenable.io on the page and click Configuration.

Tenable Connector - Configuration Button Location

In the new window under Connection, complete the required fields, as described below.

  • Name: The connector’s name.
  • Location (URL): The URL to access the specific instance of Tenable Nessus or the Tenable.io link.
  • Access Key: Username used to access the connected system.
  • Secret Key:  Password used to access the connected system.
  • Network: Network that will contain the new Tenable.io assets.

Tenable Connector - Connection Window

After completing the login credentials form, click the Test Credentials button.

Tenable Connector - Test Credentials

If the credentials test is successful, the Schedule connector wizard will appear.

Tenable Connector - Schedule Section

By default, the connector is enabled. The following schedules are available.

NOTE: All time selections are based on 24-hour GMT time.

Daily: Configures the connector to run at a set daily interval.

Tenable Connector - Daily Schedule

Weekly: Configures the connector to run at a set weekly interval.  

Tenable Connector - Weekly Schedule

Monthly: Configures the connector to run on a set date every month.

Tenable Connector - Monthly Schedule

Determine the Oldest Scan Data Pull for the initial data synchronization. This can be set to pull between 30 days and 1 year. The setting will only apply for the first time the connector is run.

Tenable Connector - Oldest Scan Data Pull

Tenable.io has its own asset tag system that can be replicated in the platform. Enable this feature under Connector Specific Options.

Tenable Connector - Connector Specific Options

The informational plugins identified by Tenable Nessus scans may be included in the data synchronization, or users may choose to filter the input. The new connector setting for informational plugins will allow users to include or exclude specific plugins.

Tenable Connector - Information Gathered Plugins

Tenable.io users may not want all the assets and findings imported to the platform. Tenable recommends that users create a user or access group for the connector that includes only the desired assets. This method of controlling information flow is preferred. The new connector also allows for filtering the inputs by tags or networks.

Tenable Connector - Tenable Asset Filters

Click the Save button to save the configuration and view the configured connector.

Editing a Connector Configuration

Connector configurations can be updated at any time after creation. Go to the Admin > Connectors page and select the specific connector you want to update.

Tenable.io Data Mapping in Ivanti Neurons

The data from Tenable.io is ingested into Ivanti Neurons as Hosts and Host Findings. The Scanner Name associated with these scans is NESSUS. Scanner Name can be used as a filter in both the Hosts and Host Findings views. 

Hosts View

  • Any active assets within the oldest pull date range listed in Tenable.io are shown in the Hosts view.
  • Both IP address and hostname are extracted from the Tenable.io API.
  • In the Host Detail, the Scanner is listed as NESSUS under the Sources section.

Hosts Findings View

All findings from the Tenable.io scan file are shown in the Host Findings view in Ivanti Neurons.

This connector includes several scanner-specific fields that are viewable in the detail pane, list view columns, filters, and exports:

  • Nessus CVSS v3.0 Base Score
  • Nessus CVSS v2.0 Base Score
  • Nessus MAC Addresses
  • Nessus Network Name
  • Nessus Asset Status
  • Nessus IPv4 Addresses
  • Nessus Severity ID
  • Nessus CVSS v3.0 Temporal Score
  • Nessus CVSS v2.0 Temporal Score
  • Nessus Default Severity ID
  • Nessus IPV6 Addresses
  • Nessus Hostnames
  • scannerUUID
  • Nessus Operating Systems

Tenable Connector - Host Finding Detail Pane

Severity Mapping

Severity

CVSSv2 Range

CVSSv3 Range

Critical

The plugin's highest vulnerability CVSSv2 score is 10.0.

The plugin's highest vulnerability CVSSv3 score is between 9.0 and 10.0.

High

The plugin's highest vulnerability CVSSv2 score is between 7.0 and 9.9.

The plugin's highest vulnerability CVSSv3 score is between 7.0 and 8.9.

Medium

The plugin's highest vulnerability CVSSv2 score is between 4.0 and 6.9.

The plugin's highest vulnerability CVSSv3 score is between 4.0 and 6.9.

Low

The plugin's highest vulnerability CVSSv2 score is between 0.1 and 3.9.

The plugin's highest vulnerability CVSSv3 score is between 0.1 and 3.9.

Info

The plugin's highest vulnerability CVSSv2 score is 0.

or

The plugin does not search for vulnerabilities.

The plugin's highest vulnerability CVSSv3 score is 0.

or

The plugin does not search for vulnerabilities.

Source: CVSS vs. VPR (Tenable.io)