Tenable.io Connector Guide

Summary: How to set up and use the Tenable.io connector in Ivanti Neurons RBVM/ASOC/VULN KB.

Overview

The Ivanti Neurons platform supports client connector configurations to provide a scheduled upload of the Tenable.io vulnerability data. The connector configuration page will display the details of the latest connector data pull. This connector allows customers to gain visibility into their overall risk due to vulnerabilities in their hosts and web applications and enables a more straightforward, more efficient way to manage those vulnerabilities.

Tenable.io Overview

Tenable® Nessus® is a widely deployed vulnerability scanner that can help detect malware and identify vulnerabilities of assets and asset configurations.

Connector Configuration

Tenable.io Setup

The connector allows users to configure the number of historical days to initially upload into the platform. The default setting for Oldest Scan Data Pull is 30 days. However, it can pull scan data up to a year old. Data is imported to the specific group where an asset exists. When an asset is new, it is initially added to the Default group.

Configuring the Tenable.io Connector in Ivanti Neurons

Navigate to the Automate > Integrations page.

Using the search bar in the upper-right corner of the Integrations page, type tenable.io to find the connector.

Locate tenable.io on the page and click Configuration.

In the new window under Connection, complete the required fields, as described below.

  • Name: The connector’s name.

  • Location (URL): The URL to access the specific instance of Tenable Nessus or the Tenable.io link.

  • Access Key: Username used to access the connected system.

  • Secret Key: Password used to access the connected system.

  • Network: Network that will contain the new Tenable.io assets.

After completing the login credentials form, click the Test Credentials button.

If the credentials test is successful, the Schedule connector wizard will appear.

By default, the connector is enabled. The following schedules are available.

All time selections are based on 24-hour GMT time.

Daily: Configures the connector to run at a set daily interval.

Weekly: Configures the connector to run at a set weekly interval.

Monthly: Configures the connector to run on a set date every month.

Determine the Oldest Scan Data Pull for the initial data synchronization. This can be set to pull between 30 days and 1 year. The setting will only apply for the first time the connector is run.

Tenable.io has its own asset tag system that can be replicated in the platform. Enable this feature under Connector Specific Options.

The informational plugins identified by Tenable Nessus scans may be included in the data synchronization, or users may choose to filter the input. The new connector setting for informational plugins will allow users to include or exclude specific plugins.

Tenable.io users may not want all the assets and findings imported to the platform. Tenable recommends that users create a user or access group for the connector that includes only the desired assets. This method of controlling information flow is preferred. The new connector also allows for filtering the inputs by tags or networks.

Click the Save button to save the configuration and view the configured connector.

Editing a Connector Configuration

Connector configurations can be updated at any time after creation. Go to the Configuration/Settings > Connectors page and select the specific connector you want to update.

Tenable.io Data Mapping in Ivanti Neurons

The data from Tenable.io is ingested into Ivanti Neurons as Hosts and Host Findings. The Scanner Name associated with these scans is NESSUS. Scanner Name can be used as a filter in both the Hosts and Host Findings views.

Hosts View

  • Any active assets within the oldest pull date range listed in Tenable.io are shown in the Hosts view.

  • Both IP address and hostname are extracted from the Tenable.io API.

  • In the Host Detail, the Scanner is listed as NESSUS under the Sources section.

Hosts Findings View

All findings from the Tenable.io scan file are shown in the Host Findings view in Ivanti Neurons.

This connector includes several scanner-specific fields that are viewable in the detail pane, list view columns, filters, and exports:

  • Nessus CVSS v3.0 Base Score

  • Nessus CVSS v2.0 Base Score

  • Nessus MAC Addresses

  • Nessus Network Name

  • Nessus Asset Status

  • Nessus IPv4 Addresses

  • Nessus Severity ID

  • Nessus CVSS v3.0 Temporal Score

  • Nessus CVSS v2.0 Temporal Score

  • Nessus Default Severity ID

  • Nessus IPV6 Addresses

  • Nessus Hostnames

  • scannerUUID

  • Nessus Operating Systems

Severity Mapping

Severity CVSSv2 Range CVSSv3 Range
Critical The plugin's highest vulnerability CVSSv2 score is 10.0. The plugin's highest vulnerability CVSSv3 score is between 9.0 and 10.0.
High The plugin's highest vulnerability CVSSv2 score is between 7.0 and 9.9. The plugin's highest vulnerability CVSSv3 score is between 7.0 and 8.9.
Medium The plugin's highest vulnerability CVSSv2 score is between 4.0 and 6.9. The plugin's highest vulnerability CVSSv3 score is between 4.0 and 6.9.
Low The plugin's highest vulnerability CVSSv2 score is between 0.1 and 3.9. The plugin's highest vulnerability CVSSv3 score is between 0.1 and 3.9.
Info The plugin's highest vulnerability CVSSv2 score is 0 or the plugin does not search for vulnerabilities. The plugin's highest vulnerability CVSSv3 score is 0 or the plugin does not search for vulnerabilities.

Source: CVSS vs. VPR (Tenable.io)