Tenable.sc

About this document

This document provides the step-by-step procedure to configure Tenable.sc in SAFE.

Pre-requisites

• You must install an on-prem Site Coordinator (SC) for the SAFE instance on which you want to configure the Tenable.sc. To install a Site Coordinator, refer to Installing Site Coordinator.

• To configure the Tenable.sc integration, you need the following details:

  • Tenable.sc API URL

  • Tenable.sc API Credentials (Refer to creating API credentials)

    • The API user must be an organizational user with the role of Vulnerability Analyst (Refer to creating a new organizational user)

  • Tenable.sc Asset Tags to filter the Assets in Tenable.sc and their Vulnerability Data to pull VA results of selective Assets from Tenable.sc into SAFE

  • SAFE API Credentials (Refer to Accessing SAFE APIs).

Hardware Requirements

• For an existing Site Coordinator, we recommend assigning an additional 4 GB RAM before configuring Tenable.sc.

• For a new Site Coordinator deployment with Tenable.sc integration, we recommend:

  • 4 Core CPU

  • 8 GB RAM

  • 50 GB disk storage

[Optional] Identifying Tenable.sc Asset Tag IDs to use as a filter

The SAFE-Tenable.sc integration allows users to specify the Tenable.sc Asset Tag IDs as filters for pulling selective assets and their related VA results from Tenable.sc. This allows SAFE to get selective information from Tenable.sc.

Get the Asset Tag IDs

Get the Asset Tag IDs from Tenable.sc as follows:

1. Log in to Tenable.sc.

2. Click Assets available at the top navigation bar.
   

   

3. On the Assets page, click the Asset for which you want the Asset ID.

4. On the Asset page, for some of the Asset Types, you can get the Asset ID from the page itself. But if the Asset ID is not available on the page, refer to the individual asset page URL; Asset ID would always be present at the end of URL.
   

   

   For example, In the below screenshot, the Asset ID is 1237.
   

   

Configure Tenable.sc

On SAFE

On Site Coordinator

1. Ensure you have the latest install-site-coordinator.sh script present on SC. This step is not required if it's a fresh SC installation
   For an already existing SC setup, download the script from the SAFE instance; SAFE_URL is the SAFE dashboard’s URL:
   curl -o install-site-coordinator.sh https://<SAFE_URL>/download-scripts/install-site-coordinator.sh
   Note: SAFE_URL is the SAFE dashboard’s URL
   

   

2. For fresh installation of tenable.sc connector image version <version>, execute the following command:
   sh install-site-coordinator.sh --connector:tenablesc <version>
   The script will prompt for inputs, and answering them will help you configure tenable.sc assessment.
   The below screenshot provides an example of the installation.
   

   

Upgrade Tenable.sc integration

For an already existing tenable.sc integration if there is a new update available. The integration can be upgraded to the new version by executing the following command
sh install-site-coordinator.sh --connector:tenablesc <version> --update

View results of Tenable.sc Assessments

After a successful sync of Tenable.sc integration, the Tenable.sc assets are automatically imported to SAFE.

1. Go to the integrations on the left navigation.

2. Scroll to find the Tenable.sc integration card or search for Tenable.sc in the search bar.

3. Click on the Tenable.sc integration card for Finding View and Asset View.

   • Finding View: This tab displays all the findings details pulled from Tenable.sc.

   • Asset View: This tab displays all the Asset details pulled from Tenable.sc.

FAQs

1. Will the severity of a vulnerability in SAFE be updated if it's changed in Tenable.sc?

If you change the severity of a vulnerability in Tenable.sc, it will only update in SAFE if the change was made after the two applications were last synced. Once they sync up again, the new severity will appear in SAFE.