- 2 Minutes to read
- Print
- PDF
Tenable.sc
- 2 Minutes to read
- Print
- PDF
About this document
This document provides the step-by-step procedure to configure Tenable.sc in SAFE.
Pre-requisites
- You must install an on-prem Site Coordinator (SC) for the SAFE instance on which you want to configure the Tenable.sc. To install a Site Coordinator, refer to Installing Site Coordinator.
- To configure the Tenable.sc integration, you need the following details:
- Tenable.sc API URL
- Tenable.sc API Credentials (Refer to creating API credentials)
- The API user must be an organizational user with the role of Vulnerability Analyst (Refer to creating a new organizational user)
- Tenable.sc Asset Tags to filter the Assets in Tenable.sc and their Vulnerability Data to pull VA results of selective Assets from Tenable.sc into SAFE
- SAFE API Credentials (Refer to Accessing SAFE APIs).
The SAFE - Tenable.sc integration can support upto 10,000 host assets.
Hardware Requirements
- For an existing Site Coordinator, we recommend assigning an additional 4 GB RAM before configuring Tenable.sc.
- For a new Site Coordinator deployment with Tenable.sc integration, we recommend:
- 4 Core CPU
- 8 GB RAM
- 50 GB disk storage
[Optional] Identifying Tenable.sc Asset Tag IDs to use as a filter
The SAFE-Tenable.sc integration allows users to specify the Tenable.sc Asset Tag IDs as filters for pulling selective assets and their related VA results from Tenable.sc. This allows SAFE to get selective information from Tenable.sc.
Get the Asset Tag IDs
Get the Asset Tag IDs from Tenable.sc as follows:
- Log in to Tenable.sc.
- Click Assets available at the top navigation bar.
- On the Assets page, click the Asset for which you want the Asset ID.
- On the Asset page, for some of the Asset Types, you can get the Asset ID from the page itself. But if the Asset ID is not available on the page, refer to the individual asset page URL; Asset ID would always be present at the end of URL.
For example, In the below screenshot, the Asset ID is 1237.
Configure Tenable.sc
On SAFE
Some steps while configuring Tenable.sc are needed to be performed by the SAFE support team. Please get in touch with the SAFE support team to assist you.
On Site Coordinator
- Ensure you have the latest install-site-coordinator.sh script present on SC. This step is not required if it's a fresh SC installation
For an already existing SC setup, download the script from the SAFE instance; SAFE_URL is the SAFE dashboard’s URL:
curl -o install-site-coordinator.sh https://<SAFE_URL>/download-scripts/install-site-coordinator.sh
Note: SAFE_URL is the SAFE dashboard’s URL - For fresh installation of tenable.sc connector image version <version>, execute the following command:
sh install-site-coordinator.sh --connector:tenablesc <version>
The script will prompt for inputs, and answering them will help you configure tenable.sc assessment.
The below screenshot provides an example of the installation.
Upgrade Tenable.sc integration
For an already existing tenable.sc integration if there is a new update available. The integration can be upgraded to the new version by executing the following command
sh install-site-coordinator.sh --connector:tenablesc <version> --update
View results of Tenable.sc Assessments
After a successful sync of Tenable.sc integration, the Tenable.sc assets are automatically imported to SAFE. These assets can be viewed in SAFE on the Technology > Assets page. The vulnerabilities imported from Tenable.sc will be present against these assets.
FAQs
1. Will the severity of a vulnerability in SAFE be updated if it's changed in Tenable.sc?
If you change the severity of a vulnerability in Tenable.sc, it will only update in SAFE if the change was made after the two applications were last synced. Once they sync up again, the new severity will appear in SAFE.