Tenable.io
Visualize Tenable.io scans, findings, vulnerabilities, and container findings, map Tenable.io users to employees, and monitor changes through queries and alerts.
- Installation
- Data Model
- Types
Installation
For this integration, you will need to create an Access Key and Secret Key on Tenable.io. You additionally need to have a Tenable.io account with the role of Tenable Administrator to successfully set up the integration.
See Tenable.io's documentation for more information on generating your access and secret keys.
Configuration in JupiterOne
To install the Tenable.io integration in JupiterOne, navigate to the Integrations tab in JupiterOne and select Tenable.io. Click New Instance to begin configuring your integration.
Creating an instance requires the following:
-
The Account Name used to identify the Tenable.io account in JupiterOne. Ingested entities will have this value stored in
tag.AccountNamewhen theAccountNametoggle is enabled. -
Description to assist in identifying the integration instance, if desired.
-
Polling Interval that you feel is sufficient for your monitoring needs. You may leave this as
DISABLEDand manually execute the integration. -
Your Tenable.io Access Key and Secret Key.
-
Designate the desired Included Vulnerability Severities and Included Vulnerability States.
Click Create once all values are provided to finalize the integration.
Next steps
Now that your integration instance has been configured, it will begin running on the polling interval you provided, populating data within JupiterOne. Continue on to our Instance management guide to learn more about working with and editing integration instances.
Entities
The following entities are created:
| Resources | Entity _type | Entity _class |
|---|---|---|
| Account | tenable_account | Account |
| Agent | tenable_agent | HostAgent |
| Asset | tenable_asset | Host |
| Compliance Finding | tenable_compliance_finding | Finding |
| Container Finding | tenable_container_finding | Finding |
| Container Image | tenable_container_image | Image |
| Container Malware | tenable_container_malware | Finding |
| Container Report | tenable_container_report | Assessment |
| Container Repository | tenable_container_repository | Repository |
| Container Unwanted Program | tenable_container_unwanted_program | Finding |
| Service | tenable_scanner | Service |
| User | tenable_user | User |
| Vulnerability | tenable_vulnerability_finding | Finding, Vulnerability |
Relationships
The following relationships are created:
Source Entity _type | Relationship _class | Target Entity _type |
|---|---|---|
tenable_account | PROVIDES | tenable_scanner |
tenable_account | HAS | tenable_container_repository |
tenable_account | HAS | tenable_container_image |
tenable_account | MANAGES | tenable_asset |
tenable_account | HAS | tenable_user |
tenable_account | HAS | tenable_agent |
tenable_agent | PROTECTS | tenable_asset |
tenable_asset | HAS | tenable_vulnerability_finding |
tenable_asset | HAS | tenable_compliance_finding |
tenable_container_image | HAS | tenable_container_report |
tenable_container_image | HAS | tenable_container_finding |
tenable_container_image | HAS | tenable_container_malware |
tenable_container_image | HAS | tenable_container_unwanted_program |
tenable_container_report | IDENTIFIED | tenable_container_finding |
tenable_container_report | IDENTIFIED | tenable_container_malware |
tenable_container_report | IDENTIFIED | tenable_container_unwanted_program |
tenable_container_repository | HAS | tenable_container_image |
tenable_scanner | SCANS | tenable_container_image |
Mapped Relationships
The following mapped relationships are created:
Source Entity _type | Relationship _class | Target Entity _type | Direction |
|---|---|---|---|
tenable_asset | IS | aws_instance | FORWARD |
tenable_asset | IS | azure_vm | FORWARD |
tenable_asset | IS | google_compute_instance | FORWARD |
tenable_vulnerability_finding | HAS | aws_instance | REVERSE |
tenable_vulnerability_finding | HAS | azure_vm | REVERSE |
tenable_vulnerability_finding | HAS | google_compute_instance | REVERSE |
tenable_vulnerability_finding | IS | cve | FORWARD |
Tenable Account
tenable_account inherits from Account
| Property | Type | Description | Specifications |
|---|---|---|---|
displayName * | string | ||
name * | string |
Tenable Agent
tenable_agent inherits from HostAgent
| Property | Type | Description | Specifications |
|---|---|---|---|
agentId * | number | ||
coreBuild * | string | ||
coreVersion * | string | ||
displayName * | string | ||
ipAddress * | string | ||
lastConnectedOn | number | ||
lastScannedOn | number | ||
linkedOn * | number | ||
name * | string | ||
platform * | string | ||
status * | string | ||
supportsRemoteLogs * | boolean |
Tenable Asset
tenable_asset inherits from Host
| Property | Type | Description | Specifications |
|---|---|---|---|
agentNames | array of strings | ||
agentUuid | string | ||
awsAvailabilityZone | string | ||
awsEc2InstanceAmiId | string | ||
awsEc2InstanceGroupName | string | ||
awsEc2InstanceId | string | ||
awsEc2InstanceState | string | ||
awsEc2InstanceType | string | ||
awsEc2Name | string | ||
awsEc2ProductCode | string | ||
awsOwnerId | string | ||
awsRegion | string | ||
awsSubnetId | string | ||
awsVpcId | string | ||
azureResourceId | string | ||
azureVmId | string | ||
bigfixAssetId | string | ||
biosUuid | string | ||
coreVersion | string | ||
deletedBy | string | ||
deletedOn | number | ||
firstScanTimeOn | number | ||
firstSeenOn | number | ||
fqdns | array of strings | ||
function * | string | const: vulnerability-detection | |
gcpInstanceId | string | ||
gcpProjectId | string | ||
gcpZone | string | ||
hasAgent | boolean | ||
hasPluginResults | boolean | ||
installedSoftware | array of strings | ||
ipv4s | array of strings | ||
ipv6s | array of strings | ||
lastAuthenticatedScanDateOn | number | ||
lastLicensedScanDateOn | number | ||
lastScanId | string | ||
lastScanTimeOn | number | ||
lastScheduleId | string | ||
mcafeeEpoAgentId | string | ||
mcafeeEpoGuid | string | ||
netbiosNames | array of strings | ||
networkId | string | ||
networkName | string | ||
operatingSystems | array of strings | ||
servicenowSysid | string | ||
systemType | string | ||
terminatedBy | string | ||
terminatedOn | number |
Tenable Compliance Finding
tenable_compliance_finding inherits from Finding
| Property | Type | Description | Specifications |
|---|---|---|---|
actualValue * | string | ||
agentId * | string | ||
asset.agent_name * | string | ||
asset.agent_uuid * | string | ||
asset.fqdns | array of strings | ||
asset.id * | string | ||
asset.ipv4Addresses | array of strings | ||
asset.ipv6_addresses | array of strings | ||
asset.mac_addresses | array of strings | ||
asset.name * | string | ||
asset.netbios_name * | string | ||
asset.network_id * | string | ||
asset.operating_systems | array of strings | ||
asset.system_type * | string | ||
assetUuid * | string | ||
auditFile * | string | ||
checkId * | string | ||
checkInfo * | string | ||
checkName * | string | ||
complianceFunctionalId * | string | ||
complianceInformationalId * | string | ||
createdOn * | number | ||
displayName * | string | ||
expectedValue * | string | ||
firstSeenOn | number | ||
id * | string | ||
indexedOn | number | ||
lastFixed | number | ||
lastObservedOn | number | ||
lastSeenOn | number | ||
metadataId * | string | ||
pluginName * | string | ||
status * | string | ||
synopsis * | string | ||
unameOutput * | string |
Tenable Container Image
tenable_container_image inherits from Image
| Property | Type | Description | Specifications |
|---|---|---|---|
createdOn * | number | ||
digest * | string | ||
displayName * | string | ||
finishedOn * | number | ||
hasInventory * | boolean | ||
hasReport * | boolean | ||
imageHash * | string | ||
lastJobStatus * | string | ||
lastScannedOn * | number | ||
layers.digest | array of strings | ||
layers.size | array of numbers | ||
name * | string | ||
numberOfMalware * | number | ||
numberOfVulns * | number | ||
os * | string | ||
osVersion * | string | ||
pullCount * | string | ||
pushCount * | string | ||
repoId * | string | ||
repoName * | string | ||
reportUrl * | string | ||
score * | number | ||
size * | string | ||
source * | string | ||
status * | string | ||
tag * | string | ||
updatedOn * | number | ||
uploadedOn * | number |
Tenable Container Repository
tenable_container_repository inherits from Repository
| Property | Type | Description | Specifications |
|---|---|---|---|
displayName * | string | ||
imagesCount * | number | ||
labelsCount * | number | ||
malwareCount * | number | ||
name * | string | ||
pullCount * | number | ||
pushCount * | number | ||
totalBytes * | number | ||
vulnerabilitiesCount * | number |
Tenable Scanner
tenable_scanner inherits from Service
| Property | Type | Description | Specifications |
|---|---|---|---|
displayName * | string | ||
name * | string |
Tenable User
tenable_user inherits from User
| Property | Type | Description | Specifications |
|---|---|---|---|
containerUuid * | string | ||
displayName * | string | ||
enabled * | boolean | ||
id * | string | ||
lastlogin * | number | ||
loginFailCount * | number | ||
loginFailTotal * | number | ||
name * | string | ||
permissions * | number | ||
type * | string | ||
userName * | string | deprecated: true | |
uuid * | string | ||
uuidId * | string | deprecated: true |
Tenable Vulnerability Finding
tenable_vulnerability_finding inherits from Finding, Vulnerability
| Property | Type | Description | Specifications |
|---|---|---|---|
agentId | string | ||
asset.uuid * | string | ||
assetDeviceType * | string | ||
assetHostname * | string | ||
assetIpv4 | string | ||
assetMacAddress | string | ||
cpe | array of strings | ||
cve | array of strings | ||
cvss3BaseScore | number | ||
cvss3TemporalScore | string | ||
cvss3Vector | string | ||
cvssBaseScore | number | ||
cvssTemporalScore | string | ||
cvssVector | string | ||
description | string | ||
exploitabilityEase | string | ||
exploitAvailable | boolean | ||
exploitedByMalware | boolean | ||
exploitedByNessus | boolean | ||
exploitFrameworkCanvas | boolean | ||
exploitFrameworkCore | boolean | ||
exploitFrameworkD2Elliot | boolean | ||
exploitFrameworkExploithub | boolean | ||
exploitFrameworkMetasploit | boolean | ||
firstFoundOn | number | ||
firstSeenOn | number | ||
hasPatch * | |||
impact | string | ||
lastFixedOn | number | ||
lastFoundOn | number | ||
lastSeenOn | number | ||
name * | string | ||
numericPriority | number | deprecated: true | |
numericSeverity | number | deprecated: true | |
patchPublishedOn | number | ||
plugin.id * | number | ||
port.port * | number | ||
port.protocol * | string | ||
port.service | string | ||
recommendation | string | ||
references | array of strings | ||
riskFactor | string | ||
scan.completedOn | number | ||
scan.startedOn | number | ||
scan.uuid * | string | ||
severityDefaultId | number | ||
severityId | number | ||
severityModificationType | string | ||
state * | string | ||
stigSeverity | string | ||
targets * | array | null | ||
unsupportedByVendor | boolean | ||
vprScore | number | ||
vulnerabilityAge * | number | null | ||
vulnPublishedOn | number |