Publisher: Splunk
Connector Version: 2.2.2
Product Vendor: Tenable
Product Name: Tenable.sc
Product Version Supported (regex): ".*"
Minimum Product Version: 5.0.0
This app integrates with Tenable's SecurityCenter to provide endpoint-based investigative actions.
The app uses the HTTP/HTTPS protocol to communicate with the Cisco ISE server. Below are the default ports used by Splunk SOAR.
Service Name | Transport Protocol | Port |
---|---|---|
http | tcp | 80 |
https | tcp | 443 |
The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Tenable.sc asset in SOAR.
VARIABLE | REQUIRED | TYPE | DESCRIPTION |
---|---|---|---|
base_url | required | string | Tenable.sc instance URL (https://sc_instance.company.com) |
verify_server_cert | optional | boolean | Verify server certificate |
retry_count | optional | numeric | Maximum number of attempts to retry an API call on database-locked errors (Default: 5) |
retry_wait | optional | numeric | Delay in seconds between retries (Default: 30) |
username | required | string | Username |
password | required | password | Password |
test connectivity - Validate the asset configuration for connectivity
scan endpoint - Runs a scan against a specified IP or host
list vulnerabilities - Query Tenable.sc for a list of vulnerabilities associated with an IP or host name or CVEID
list policies - Lists the scan policies available in Tenable.sc
list repositories - Lists the repositories available in Tenable.sc
update asset - Update existing asset with provided fields or create a new one as a 'static' type
update group - Update existing group with provided fields
Validate the asset configuration for connectivity
Type: test
Read only: True
No parameters are required for this action
No Output
Runs a scan against a specified IP or host
Type: investigate
Read only: True
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ip_hostname | required | IP/Hostname to scan (comma-separated) | string | ip host name |
scan_policy_id | required | Tenable.sc Scan Policy ID to use | numeric | tenablesc scan policy id |
repository_id | optional | Tenable.sc repository ID to use (Default: 1) | numeric | tenablesc repository id |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.ip_hostname | string | ip host name |
action_result.parameter.scan_policy_id | numeric | tenablesc scan policy id |
action_result.parameter.repository_id | numeric | tenablesc repository id |
action_result.data.*.assets | string | |
action_result.data.*.canManage | string | |
action_result.data.*.canUse | string | |
action_result.data.*.classifyMitigatedAge | string | |
action_result.data.*.createdTime | string | |
action_result.data.*.creator | string | |
action_result.data.*.creator.firstname | string | |
action_result.data.*.creator.id | string | |
action_result.data.*.creator.lastname | string | |
action_result.data.*.creator.username | string | user name |
action_result.data.*.credentials | string | |
action_result.data.*.description | string | |
action_result.data.*.dhcpTracking | string | |
action_result.data.*.emailOnFinish | string | |
action_result.data.*.emailOnLaunch | string | |
action_result.data.*.error_code | string | |
action_result.data.*.error_msg | string | |
action_result.data.*.warnings | string | |
action_result.data.*.id | string | tenablesc scan id |
action_result.data.*.ipList | string | ip host name |
action_result.data.*.maxScanTime | string | |
action_result.data.*.modifiedTime | string | |
action_result.data.*.name | string | |
action_result.data.*.numDependents | string | |
action_result.data.*.owner | string | |
action_result.data.*.owner.firstname | string | |
action_result.data.*.owner.id | string | |
action_result.data.*.owner.lastname | string | |
action_result.data.*.owner.username | string | user name |
action_result.data.*.ownerGroup | string | |
action_result.data.*.ownerGroup.description | string | |
action_result.data.*.ownerGroup.id | string | |
action_result.data.*.ownerGroup.name | string | |
action_result.data.*.plugin | string | |
action_result.data.*.plugin.description | string | |
action_result.data.*.plugin.id | numeric | |
action_result.data.*.plugin.name | string | |
action_result.data.*.policy | string | |
action_result.data.*.policy.context | string | |
action_result.data.*.policy.creator.firstname | string | |
action_result.data.*.policy.creator.id | string | |
action_result.data.*.policy.creator.lastname | string | |
action_result.data.*.policy.creator.username | string | user name |
action_result.data.*.policy.description | string | |
action_result.data.*.policy.id | string | tenablesc scan policy id |
action_result.data.*.policy.name | string | |
action_result.data.*.policy.owner.firstname | string | |
action_result.data.*.policy.owner.id | string | |
action_result.data.*.policy.owner.lastname | string | |
action_result.data.*.policy.owner.username | string | user name |
action_result.data.*.policy.ownerGroup.description | string | |
action_result.data.*.policy.ownerGroup.id | string | |
action_result.data.*.policy.ownerGroup.name | string | |
action_result.data.*.policy.tags | string | |
action_result.data.*.policyPrefs | string | |
action_result.data.*.policyPrefs.*.name | string | |
action_result.data.*.policyPrefs.*.value | string | |
action_result.data.*.reports | string | |
action_result.data.*.repository | string | |
action_result.data.*.repository.description | string | |
action_result.data.*.repository.id | string | |
action_result.data.*.repository.name | string | |
action_result.data.*.response | string | |
action_result.data.*.rolloverType | string | |
action_result.data.*.scanResultID | string | tenablesc scan result id |
action_result.data.*.scanningVirtualHosts | string | |
action_result.data.*.schedule | string | |
action_result.data.*.schedule.dependent | string | |
action_result.data.*.schedule.dependent.description | string | |
action_result.data.*.schedule.dependent.id | numeric | |
action_result.data.*.schedule.dependent.name | string | |
action_result.data.*.schedule.enabled | string | |
action_result.data.*.schedule.id | numeric | |
action_result.data.*.schedule.nextRun | numeric | |
action_result.data.*.schedule.objectType | numeric | |
action_result.data.*.schedule.repeatRule | string | |
action_result.data.*.schedule.start | string | |
action_result.data.*.schedule.type | string | |
action_result.data.*.status | string | |
action_result.data.*.timeoutAction | string | |
action_result.data.*.timestamp | string | |
action_result.data.*.type | string | |
action_result.data.*.zone | string | |
action_result.data.*.zone.description | string | |
action_result.data.*.zone.id | numeric | |
action_result.data.*.zone.name | string | |
action_result.summary.name | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
Query Tenable.sc for a list of vulnerabilities associated with an IP or host name or CVEID
Type: investigate
Read only: True
If the input IP, host name, or CVE ID is not available on the server, the action will pass with 0 vulnerabilities.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
ip_hostname | optional | IP / host name of host to query | string | ip host name |
cve_id | optional | CVEID to query | string | |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.ip_hostname | string | ip host name |
action_result.parameter.cve_id | string | |
action_result.data.*.endOffset | string | |
action_result.data.*.matchingDataElementCount | string | |
action_result.data.*.results.*.family.id | string | |
action_result.data.*.results.*.family.name | string | |
action_result.data.*.results.*.family.type | string | |
action_result.data.*.results.*.hostTotal | string | |
action_result.data.*.results.*.name | string | |
action_result.data.*.results.*.pluginID | string | |
action_result.data.*.results.*.severity.description | string | |
action_result.data.*.results.*.severity.id | string | |
action_result.data.*.results.*.severity.name | string | |
action_result.data.*.results.*.total | string | |
action_result.data.*.results.*.vprContext | string | |
action_result.data.*.results.*.vprScore | string | |
action_result.data.*.returnedRecords | numeric | |
action_result.data.*.startOffset | string | |
action_result.data.*.totalRecords | string | |
action_result.summary.critical_vulns | numeric | |
action_result.summary.high_vulns | numeric | |
action_result.summary.info_vulns | numeric | |
action_result.summary.low_vulns | numeric | |
action_result.summary.medium_vulns | numeric | |
action_result.summary.total_vulnerabilities | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
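
Because list vulnerabilities passes with 0 vulnerabilities when the IP, host name or CVE ID is unknown to the server, a playbook should treat an empty result as "no data" rather than "clean". The following is an added example, not code from the connector: it walks the data paths documented above, and the severity names, the `"success"` status value and the sample values are assumptions.

```python
from collections import Counter

# Constructed sample shaped like the documented action_result;
# severity names and all values are assumptions, not real scan output.
SAMPLE_RESULT = {
    "status": "success",
    "data": [{
        "totalRecords": "3",
        "results": [
            {"pluginID": "1001", "name": "Constructed finding A",
             "severity": {"id": "4", "name": "Critical"}, "total": "2"},
            {"pluginID": "1002", "name": "Constructed finding B",
             "severity": {"id": "2", "name": "Medium"}, "total": "5"},
            {"pluginID": "1003", "name": "Constructed finding C",
             "severity": {"id": "0", "name": "Info"}, "total": "bad"},
        ],
    }],
}

def tally_by_severity(action_result):
    """Sum results.*.total per results.*.severity.name across all data entries."""
    counts = Counter()
    for page in action_result.get("data") or []:
        for row in page.get("results") or []:
            name = ((row.get("severity") or {}).get("name") or "unknown").lower()
            try:
                counts[name] += int(row.get("total", 0))
            except (TypeError, ValueError):
                # total is documented as a string; count the row once if not numeric
                counts[name] += 1
    return dict(counts)

def triage(action_result, escalate_on=("critical", "high")):
    """Return 'failed', 'no_data', 'escalate' or 'review' for a playbook branch."""
    if action_result.get("status") != "success":
        return "failed"
    counts = tally_by_severity(action_result)
    if not counts:
        # The action passes with 0 vulnerabilities for an unknown IP/host/CVE,
        # so an empty result is not evidence that the host is clean.
        return "no_data"
    return "escalate" if any(counts.get(s, 0) > 0 for s in escalate_on) else "review"
```
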
Lists the scan policies available in Tenable.sc
Type: investigate
Read only: True
No parameters are required for this action
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.data.*.manageable.*.description | string | |
action_result.data.*.manageable.*.id | string | tenablesc scan policy id |
action_result.data.*.manageable.*.name | string | |
action_result.data.*.manageable.*.status | string | |
action_result.data.*.usable.*.description | string | |
action_result.data.*.usable.*.id | string | tenablesc scan policy id |
action_result.data.*.usable.*.name | string | |
action_result.data.*.usable.*.status | string | |
action_result.summary | string | |
action_result.summary.policy_count | numeric | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
Lists the repositories available in Tenable.sc
Type: investigate
Read only: True
No parameters are required for this action
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.data.*.id | numeric | tenablesc repository id |
action_result.data.*.SCI.id | numeric | |
action_result.data.*.SCI.name | string | |
action_result.data.*.SCI.description | string | |
action_result.data.*.name | string | |
action_result.data.*.dataFormat | string | |
action_result.data.*.description | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
action_result.summary | string | |
action_result.summary.total_repositories | numeric | |
Update existing asset with provided fields or create a new one as a 'static' type
Type: generic
Read only: False
View Tenable.sc API docs for available fields to update.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
asset_name | required | Name of asset to update | string | |
update_fields | required | Fields to use for updating the asset (JSON String) | string | |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.asset_name | string | |
action_result.parameter.update_fields | string | |
action_result.data.*.error_code | numeric | |
action_result.data.*.error_msg | string | |
action_result.data.*.response.canManage | string | |
action_result.data.*.response.canUse | string | |
action_result.data.*.response.context | string | |
action_result.data.*.response.createdTime | string | |
action_result.data.*.response.creator.firstname | string | |
action_result.data.*.response.creator.id | string | |
action_result.data.*.response.creator.lastname | string | |
action_result.data.*.response.creator.username | string | user name |
action_result.data.*.response.description | string | |
action_result.data.*.response.id | string | |
action_result.data.*.response.ioFirstSyncTime | string | |
action_result.data.*.response.ioLastSyncFailure | string | |
action_result.data.*.response.ioLastSyncSuccess | string | |
action_result.data.*.response.ioSyncErrorDetails | string | |
action_result.data.*.response.ioSyncStatus | string | |
action_result.data.*.response.ipCount | numeric | |
action_result.data.*.response.modifiedTime | string | |
action_result.data.*.response.name | string | |
action_result.data.*.response.owner.firstname | string | |
action_result.data.*.response.owner.id | string | |
action_result.data.*.response.owner.lastname | string | |
action_result.data.*.response.owner.username | string | user name |
action_result.data.*.response.ownerGroup.description | string | |
action_result.data.*.response.ownerGroup.id | string | |
action_result.data.*.response.ownerGroup.name | string | |
action_result.data.*.response.repositories.*.ipCount | string | |
action_result.data.*.response.repositories.*.repository.description | string | |
action_result.data.*.response.repositories.*.repository.id | string | |
action_result.data.*.response.repositories.*.repository.name | string | |
action_result.data.*.response.status | string | |
action_result.data.*.response.tags | string | |
action_result.data.*.response.targetGroup.description | string | |
action_result.data.*.response.targetGroup.id | numeric | |
action_result.data.*.response.targetGroup.name | string | |
action_result.data.*.response.template.description | string | |
action_result.data.*.response.template.id | numeric | |
action_result.data.*.response.template.name | string | |
action_result.data.*.response.type | string | |
action_result.data.*.response.typeFields.definedDNSNames | string | |
action_result.data.*.response.typeFields.definedIPs | string | ip |
action_result.data.*.response.typeFields.rules.children.*.children.*.filterName | string | |
action_result.data.*.response.typeFields.rules.children.*.children.*.operator | string | |
action_result.data.*.response.typeFields.rules.children.*.children.*.pluginIDConstraint | string | |
action_result.data.*.response.typeFields.rules.children.*.children.*.type | string | |
action_result.data.*.response.typeFields.rules.children.*.children.*.value | string | |
action_result.data.*.response.typeFields.rules.children.*.filterName | string | |
action_result.data.*.response.typeFields.rules.children.*.operator | string | |
action_result.data.*.response.typeFields.rules.children.*.pluginIDConstraint | string | |
action_result.data.*.response.typeFields.rules.children.*.type | string | |
action_result.data.*.response.typeFields.rules.children.*.value | string | |
action_result.data.*.response.typeFields.rules.operator | string | |
action_result.data.*.response.typeFields.rules.type | string | |
action_result.data.*.timestamp | numeric | |
action_result.data.*.type | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |
Update existing group with provided fields
Type: generic
Read only: False
View Tenable.sc API docs for available fields to update.
PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
---|---|---|---|---|
group_name | required | Name of group to update | string | |
update_fields | required | Fields to use for updating the group (JSON String) | string | |
DATA PATH | TYPE | CONTAINS |
---|---|---|
action_result.status | string | |
action_result.parameter.group_name | string | |
action_result.parameter.update_fields | string | |
action_result.data.*.error_code | numeric | |
action_result.data.*.error_msg | string | |
action_result.data.*.response.assets.*.description | string | |
action_result.data.*.response.assets.*.id | string | |
action_result.data.*.response.assets.*.name | string | |
action_result.data.*.response.createDefaultObjects | string | |
action_result.data.*.response.createdTime | string | |
action_result.data.*.response.definingAssets.*.description | string | |
action_result.data.*.response.definingAssets.*.id | string | |
action_result.data.*.response.definingAssets.*.name | string | |
action_result.data.*.response.description | string | |
action_result.data.*.response.id | string | |
action_result.data.*.response.modifiedTime | string | |
action_result.data.*.response.name | string | |
action_result.data.*.response.userCount | numeric | |
action_result.data.*.timestamp | numeric | |
action_result.data.*.type | string | |
action_result.summary | string | |
action_result.message | string | |
summary.total_objects | numeric | |
summary.total_objects_successful | numeric | |