Document toolboxDocument toolbox

Tenable

Owned by Jonas Gonzalez
Last updated: Nov 29, 2024
2 min read
[ 1 Connect Tenable with Devo SOAR ] [ 2 Actions for Tenable ] [ 2.1 List Scan Results ] [ 2.1.1 Input Field ] [ 2.1.2 Output ] [ 3 Release Notes ]

Managed on-premises and powered by Nessus technology, the Tenable.sc suite of products provides the a comprehensive vulnerability coverage with real-time continuous assessment of a network. It’s a complete end-to-end vulnerability management solution.

Connect Tenable with Devo SOAR

  1. Navigate to Automations > Integrations.

  2. Search for Tenable.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. Server IP or Hostname: Enter Server IP or Hostname where Tenable is installed and running. Example: http://111.111.111.111:443

  9. Access Key: Enter Access Key for Tenable instance.

  10. Secret Key: Enter Secret key for the Tenable instance.

  11. After you've entered all the details, click Connect.

Actions for Tenable

List Scan Results

Gets the list of Scan Results.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Fields

Jinja-templated comma separated field names which needs to be returned in the result set.

Required

Start Time

Start time in ISO format for scan results to be retrieved.

 

Example: 2019-09-26T07:58:30.996+02:00. Default is execution start time.

Required

 

End Time

End time in ISO format for scan results to be retrieved.

 

Example: 2019-09-26T07:58:30.996+02:00. Default is execution end time.

Required

 

Output

A JSON object containing multiple rows of result:

  • response: Array of reports

  • warnings: Array of any warnings

  • error_message: Any error message from the server

``` {json}{ "timestamp":1622212387, "warnings":[

], "response":{ "usable":[ { "id":"13464", "name":"Report Name", "description":"", "status":"Partial" } ] }, "error_msg":"", "type":"regular", "error_code":0 }

## Download Scan Result Downloads a Scan Result by ID. ### Input Field Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection. | Input Name | Description | Required | | :------------ | :------------------------------------------------------------------------------------- | :------- | | Scan ID | Jinja templated scan ID whose reports is to be downloaded. | Required | | Download Type | Select download type. Default is V2. Valid options are: v2, diagnostic, oval, scap1 2. | Required | ### Output A JSON object containing multiple rows of result: - file_id: File ID of the downloaded report. - error: Error message, if any. - has_error: Whether the action succeeded or failed. ``` {json}{ "file_id":"b815d171c2d8409e857ce9ca43fd1523", "error":null, "has_error":false }

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem