ianwills-splunk/securitycenter

Tenable.sc

Publisher: Splunk
Connector Version: 2.2.2
Product Vendor: Tenable
Product Name: Tenable.sc
Product Version Supported (regex): ".*"
Minimum Product Version: 5.0.0

This app integrates with Tenable's SecurityCenter to provide endpoint-based investigative actions.

Port Information

The app uses the HTTP/HTTPS protocol to communicate with the Cisco ISE server. Below are the default ports used by Splunk SOAR.

| Service Name | Transport Protocol | Port |
| --- | --- | --- |
| http | tcp | 80 |
| https | tcp | 443 |

Configuration Variables

The below configuration variables are required for this Connector to operate. These variables are specified when configuring a Tenable.sc asset in SOAR.

| VARIABLE | REQUIRED | TYPE | DESCRIPTION |
| --- | --- | --- | --- |
| base_url | required | string | Tenable.sc instance URL (https://sc_instance.company.com) |
| verify_server_cert | optional | boolean | Verify server certificate |
| retry_count | optional | numeric | Maximum attempts to retry an API call on database locked errors (Default: 5) |
| retry_wait | optional | numeric | Delay in seconds between retries (Default: 30) |
| username | required | string | Username |
| password | required | password | Password |
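
As a pre-deployment check for the configuration variables above, the following added example (not part of the connector's code) lints an asset configuration dictionary for plaintext transport, unverified server certificates and malformed retry settings. The function name, the dictionary shape and the sample values are assumptions made for illustration; treating an unset verify_server_cert as a finding is also an assumption, since the page does not state its default.

```python
from urllib.parse import urlparse

# Defaults taken from the configuration table above.
DEFAULTS = {"retry_count": 5, "retry_wait": 30}


def lint_asset_config(cfg):
    """Return (severity, message) findings for a Tenable.sc asset config dict."""
    findings = []
    for key in ("base_url", "username", "password"):
        if not cfg.get(key):
            findings.append(("error", f"{key} is required but missing or empty"))

    url = urlparse(str(cfg.get("base_url") or ""))
    if cfg.get("base_url"):
        if url.scheme == "http":
            findings.append(("high", "base_url uses http: username and password "
                                     "cross the network unencrypted"))
        elif url.scheme != "https":
            findings.append(("error", "base_url must start with https://"))
        if url.username or url.password:
            findings.append(("high", "credentials embedded in base_url; "
                                     "use the username/password fields"))

    # Assumption: an unset value is treated like False, because the page does
    # not state the default. Without verification, HTTPS can be intercepted.
    if url.scheme == "https" and cfg.get("verify_server_cert") is not True:
        findings.append(("high", "verify_server_cert is not explicitly true: "
                                 "server identity is not checked"))

    for key, default in DEFAULTS.items():
        value = cfg.get(key, default)
        if isinstance(value, bool) or not isinstance(value, (int, float)) or value < 0:
            findings.append(("error", f"{key} must be a non-negative number "
                                      f"(default {default})"))
    return findings


# Constructed sample configurations (not from a real deployment).
WEAK = {"base_url": "https://sc_instance.company.com", "username": "soar_svc",
        "password": "example-only", "verify_server_cert": False, "retry_count": "5"}
HARDENED = {"base_url": "https://sc_instance.company.com", "username": "soar_svc",
            "password": "example-only", "verify_server_cert": True,
            "retry_count": 5, "retry_wait": 30}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, lint_asset_config(cfg) or "no findings")
```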

Supported Actions

test connectivity - Validate the asset configuration for connectivity
scan endpoint - Runs a scan against a specified IP or host
list vulnerabilities - Query Tenable.sc for a list of vulnerabilities associated with an IP or host name or CVEID
list policies - Lists the scan policies available in Tenable.sc
list repositories - Lists the repositories available in Tenable.sc
update asset - Update existing asset with provided fields or create a new one as a 'static' type
update group - Update existing group with provided fields

action: 'test connectivity'

Validate the asset configuration for connectivity

Type: test
Read only: True

Action Parameters

No parameters are required for this action

Action Output

No Output

action: 'scan endpoint'

Runs a scan against a specified IP or host

Type: investigate
Read only: True

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| ip_hostname | required | IP/Hostname to scan (comma-separated) | string | `ip` `host name` |
| scan_policy_id | required | Tenable.sc Scan Policy ID to use | numeric | `tenablesc scan policy id` |
| repository_id | optional | Tenable.sc repository ID to use (Default: 1) | numeric | `tenablesc repository id` |

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.parameter.ip_hostname string ip host name
action_result.parameter.scan_policy_id numeric tenablesc scan policy id
action_result.parameter.repository_id numeric tenablesc repository id
action_result.data.*.assets string
action_result.data.*.canManage string
action_result.data.*.canUse string
action_result.data.*.classifyMitigatedAge string
action_result.data.*.createdTime string
action_result.data.*.creator string
action_result.data.*.creator.firstname string
action_result.data.*.creator.id string
action_result.data.*.creator.lastname string
action_result.data.*.creator.username string user name
action_result.data.*.credentials string
action_result.data.*.description string
action_result.data.*.dhcpTracking string
action_result.data.*.emailOnFinish string
action_result.data.*.emailOnLaunch string
action_result.data.*.error_code string
action_result.data.*.error_msg
action_result.data.*.warnings string
action_result.data.*.id string tenablesc scan id
action_result.data.*.ipList string ip host name
action_result.data.*.maxScanTime string
action_result.data.*.modifiedTime string
action_result.data.*.name string
action_result.data.*.numDependents string
action_result.data.*.owner string
action_result.data.*.owner.firstname string
action_result.data.*.owner.id string
action_result.data.*.owner.lastname string
action_result.data.*.owner.username string user name
action_result.data.*.ownerGroup string
action_result.data.*.ownerGroup.description string
action_result.data.*.ownerGroup.id string
action_result.data.*.ownerGroup.name string
action_result.data.*.plugin string
action_result.data.*.plugin.description string
action_result.data.*.plugin.id numeric
action_result.data.*.plugin.name string
action_result.data.*.policy string
action_result.data.*.policy.context string
action_result.data.*.policy.creator.firstname string
action_result.data.*.policy.creator.id string
action_result.data.*.policy.creator.lastname string
action_result.data.*.policy.creator.username string user name
action_result.data.*.policy.description string
action_result.data.*.policy.id string tenablesc scan policy id
action_result.data.*.policy.name string
action_result.data.*.policy.owner.firstname string
action_result.data.*.policy.owner.id string
action_result.data.*.policy.owner.lastname string
action_result.data.*.policy.owner.username string user name
action_result.data.*.policy.ownerGroup.description string
action_result.data.*.policy.ownerGroup.id string
action_result.data.*.policy.ownerGroup.name string
action_result.data.*.policy.tags string
action_result.data.*.policyPrefs string
action_result.data.*.policyPrefs.*.name string
action_result.data.*.policyPrefs.*.value string
action_result.data.*.reports string
action_result.data.*.repository string
action_result.data.*.repository.description string
action_result.data.*.repository.id string
action_result.data.*.repository.name string
action_result.data.*.response string
action_result.data.*.rolloverType string
action_result.data.*.scanResultID string tenablesc scan result id
action_result.data.*.scanningVirtualHosts string
action_result.data.*.schedule string
action_result.data.*.schedule.dependent string
action_result.data.*.schedule.dependent.description string
action_result.data.*.schedule.dependent.id numeric
action_result.data.*.schedule.dependent.name string
action_result.data.*.schedule.enabled string
action_result.data.*.schedule.id numeric
action_result.data.*.schedule.nextRun numeric
action_result.data.*.schedule.objectType numeric
action_result.data.*.schedule.repeatRule string
action_result.data.*.schedule.start string
action_result.data.*.schedule.type string
action_result.data.*.status string
action_result.data.*.timeoutAction string
action_result.data.*.timestamp string
action_result.data.*.type string
action_result.data.*.zone string
action_result.data.*.zone.description string
action_result.data.*.zone.id numeric
action_result.data.*.zone.name string
action_result.summary.name string
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'list vulnerabilities'

Query Tenable.sc for a list of vulnerabilities associated with an IP or host name or CVEID

Type: investigate
Read only: True

If the input IP, host name, or CVE ID is not found on the server, the action passes and reports 0 vulnerabilities.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| ip_hostname | optional | IP / host name of host to query | string | `ip` `host name` |
| cve_id | optional | CVEID to query | string | |

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.parameter.ip_hostname string ip host name
action_result.parameter.cve_id string
action_result.data.*.endOffset string
action_result.data.*.matchingDataElementCount string
action_result.data.*.results.*.family.id string
action_result.data.*.results.*.family.name string
action_result.data.*.results.*.family.type string
action_result.data.*.results.*.hostTotal string
action_result.data.*.results.*.name string
action_result.data.*.results.*.pluginID string
action_result.data.*.results.*.severity.description string
action_result.data.*.results.*.severity.id string
action_result.data.*.results.*.severity.name string
action_result.data.*.results.*.total string
action_result.data.*.results.*.vprContext string
action_result.data.*.results.*.vprScore string
action_result.data.*.returnedRecords numeric
action_result.data.*.startOffset string
action_result.data.*.totalRecords string
action_result.summary.critical_vulns numeric
action_result.summary.high_vulns numeric
action_result.summary.info_vulns numeric
action_result.summary.low_vulns numeric
action_result.summary.medium_vulns numeric
action_result.summary.total_vulnerabilities numeric
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'list policies'

Lists the scan policies available in Tenable.sc

Type: investigate
Read only: True

Action Parameters

No parameters are required for this action

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.data.*.manageable.*.description string
action_result.data.*.manageable.*.id string tenablesc scan policy id
action_result.data.*.manageable.*.name string
action_result.data.*.manageable.*.status string
action_result.data.*.usable.*.description string
action_result.data.*.usable.*.id string tenablesc scan policy id
action_result.data.*.usable.*.name string
action_result.data.*.usable.*.status string
action_result.summary string
action_result.summary.policy_count numeric
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'list repositories'

Lists the repositories available in Tenable.sc

Type: investigate
Read only: True

Action Parameters

No parameters are required for this action

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.data.*.id numeric tenablesc repository id
action_result.data.*.SCI.id numeric
action_result.data.*.SCI.name string
action_result.data.*.SCI.description string
action_result.data.*.name string
action_result.data.*.dataFormat string
action_result.data.*.description string
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric
action_result.summary string
action_result.summary.total_repositories numeric

action: 'update asset'

Update existing asset with provided fields or create a new one as a 'static' type

Type: generic
Read only: False

See the Tenable.sc API docs for the fields available to update.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| asset_name | required | Name of asset to update | string | |
| update_fields | required | Fields to use for updating the asset (JSON String) | string | |

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.parameter.asset_name string
action_result.parameter.update_fields string
action_result.data.*.error_code numeric
action_result.data.*.error_msg string
action_result.data.*.response.canManage string
action_result.data.*.response.canUse string
action_result.data.*.response.context string
action_result.data.*.response.createdTime string
action_result.data.*.response.creator.firstname string
action_result.data.*.response.creator.id string
action_result.data.*.response.creator.lastname string
action_result.data.*.response.creator.username string user name
action_result.data.*.response.description string
action_result.data.*.response.id string
action_result.data.*.response.ioFirstSyncTime string
action_result.data.*.response.ioLastSyncFailure string
action_result.data.*.response.ioLastSyncSuccess string
action_result.data.*.response.ioSyncErrorDetails string
action_result.data.*.response.ioSyncStatus string
action_result.data.*.response.ipCount numeric
action_result.data.*.response.modifiedTime string
action_result.data.*.response.name string
action_result.data.*.response.owner.firstname string
action_result.data.*.response.owner.id string
action_result.data.*.response.owner.lastname string
action_result.data.*.response.owner.username string user name
action_result.data.*.response.ownerGroup.description string
action_result.data.*.response.ownerGroup.id string
action_result.data.*.response.ownerGroup.name string
action_result.data.*.response.repositories.*.ipCount string
action_result.data.*.response.repositories.*.repository.description string
action_result.data.*.response.repositories.*.repository.id string
action_result.data.*.response.repositories.*.repository.name string
action_result.data.*.response.status string
action_result.data.*.response.tags string
action_result.data.*.response.targetGroup.description string
action_result.data.*.response.targetGroup.id numeric
action_result.data.*.response.targetGroup.name string
action_result.data.*.response.template.description string
action_result.data.*.response.template.id numeric
action_result.data.*.response.template.name string
action_result.data.*.response.type string
action_result.data.*.response.typeFields.definedDNSNames string
action_result.data.*.response.typeFields.definedIPs string ip
action_result.data.*.response.typeFields.rules.children.*.children.*.filterName string
action_result.data.*.response.typeFields.rules.children.*.children.*.operator string
action_result.data.*.response.typeFields.rules.children.*.children.*.pluginIDConstraint string
action_result.data.*.response.typeFields.rules.children.*.children.*.type string
action_result.data.*.response.typeFields.rules.children.*.children.*.value string
action_result.data.*.response.typeFields.rules.children.*.filterName string
action_result.data.*.response.typeFields.rules.children.*.operator string
action_result.data.*.response.typeFields.rules.children.*.pluginIDConstraint string
action_result.data.*.response.typeFields.rules.children.*.type string
action_result.data.*.response.typeFields.rules.children.*.value string
action_result.data.*.response.typeFields.rules.operator string
action_result.data.*.response.typeFields.rules.type string
action_result.data.*.timestamp numeric
action_result.data.*.type string
action_result.summary string
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric

action: 'update group'

Update existing group with provided fields

Type: generic
Read only: False

See the Tenable.sc API docs for the fields available to update.

Action Parameters

| PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS |
| --- | --- | --- | --- | --- |
| group_name | required | Name of group to update | string | |
| update_fields | required | Fields to use for updating the group (JSON String) | string | |

Action Output

DATA PATH TYPE CONTAINS
action_result.status string
action_result.parameter.group_name string
action_result.parameter.update_fields string
action_result.data.*.error_code numeric
action_result.data.*.error_msg string
action_result.data.*.response.assets.*.description string
action_result.data.*.response.assets.*.id string
action_result.data.*.response.assets.*.name string
action_result.data.*.response.createDefaultObjects string
action_result.data.*.response.createdTime string
action_result.data.*.response.definingAssets.*.description string
action_result.data.*.response.definingAssets.*.id string
action_result.data.*.response.definingAssets.*.name string
action_result.data.*.response.description string
action_result.data.*.response.id string
action_result.data.*.response.modifiedTime string
action_result.data.*.response.name string
action_result.data.*.response.userCount numeric
action_result.data.*.timestamp numeric
action_result.data.*.type string
action_result.summary string
action_result.message string
summary.total_objects numeric
summary.total_objects_successful numeric
