Run a Tenable Vulnerability Export Outside the Scheduled Item

Use a One-Step™ Action to run an impromptu export.

To run an export outside the Scheduled Item:

  1. In the CSM Desktop Client, open the One-Step Action Manager.
  2. From the Association drop-down list, select None.
  3. Select the Global folder, and then select the Tenable folder.
  4. Select Export Vulnerabilities, and select Run.
    The processing time varies depending on how many vulnerabilities are being exported.
  5. To view details of the export, from the menu bar select Tools > Table Management
    1. From the Type drop-down list, select Tenable Export.
  6. Open the Tenable export record.
    The Export UUID and Request UUID fields are for information purposes and are read-only.
  7. The status updates every five minutes after the Tenable export record is created. You may need to refresh the record to see updates. If you want to bypass the five-minute wait time, select the Update Export link (under Actions) to update the record status.
    When the record updates, the Status, Total Chunks and Chunks Processed fields refresh.
  8. When the status record updates to Finished, an Automation Process runs and begins importing the vulnerability records in chunks. As chunks are imported, the Chunks Processed field updates until it shows all chunks are complete. For example, if the total number of chunks is 25, the Chunks Processed starts at 0 of 25 and continues to update until it displays 25 of 25. The vulnerabilities are initially imported as records within a table called Asset Vulnerability.

After all chunks have been imported, a set of Automation Processes begin for each Asset Vulnerability record. Security Events are automatically created or updated. A Security Event is created for each unique Plugin ID. Configuration Items are linked to the Security Events if the Plugin ID is associated with the synched asset in Tenable. A join table record (Security Event Joins Configuration Items) is also created which will allow technicians to view the status of the vulnerability on each CI from the Security Event record via the Configuration Item tab. It may take several minutes to hours for all the vulnerability records to be processed. After all Asset Vulnerability records have been processed, they are deleted from the system.