Skip to main content

Cyware Orchestrate

Tenable SC 1.0.0

App Vendor: Tenable

Connector Category: Vulnerability Management

Connector Version: 1.6.0

API Version: 1.0.0

Product Version: 5.14.1

About App

The Tenable SC app allows security teams to integrate with Tenable SC (formerly known as SecurityCenter) enterprise application. It helps analysts in retrieving the real-time assessment results of a network to identify, investigate and prioritize vulnerabilities.

The Tenable SC app in the Orchestrate application can perform the below-listed actions:

Action Name 

Description 

Get Information of All Alerts 

This action retrieves information about all alerts.

Get Scan Result 

This action retrieves the scan result from Tenable SC.

Get All Assets Overview Details 

This action retrieves the overview details of all assets.

Get Scan Details 

This action retrieves scan details with scan ID.

Get Vulnerability Analysis 

This action performs a vulnerability analysis for CVE, IP, hosts, and many more.

Query Fields 

This action retrieves query fields with the help of the associated ID.

List All Scans Results 

This action retrieves a list of scans.

Launch a Scan 

This action launches the scan associated with scan ID.

Download Scan Result 

This action downloads the scan result associated with the scan ID, and returns a zip file containing a Nessus file.

Create a Scan 

This action creates a scan for an asset or IP address, or even both.

List all Scans 

This action retrieves the list of all scans.

Get Credentials 

This action retrieves the list of all the credentials.

Get Policies 

This action retrieves the list of all the policies.

Get Repositories 

This action retrieves a list of all the repositories.

Query Plugins with CVE ID 

This action filters plugins with matching CVE ID.

Download Analysis Report

This action downloads the analysis report.

Generic Action

This action performs generic actions.

Configuration Parameters

The following configuration parameters are required for the Tenable SC app to communicate with Tenable SC Enterprise application. The parameters can be configured by creating instances in the app.

Parameter

Description

Field Type

Required / Optional

Comments

Base URL

Enter the Base URL.

Example:

"https://sc.tenalab.tld"

Text

Required

Port

Enter the port where Nessus is hosted.

Example:

"443"

Text

Required

Username

Enter the user name to access Tenable SC.

Example:

"api0080"

Text

Required

Password

Enter the password to access Tenable SC.

Password

Required

TLS/SSL Verification

Optional preference to either verify or skip the TLS/SSL certificate verification.

Example:

True

Boolean

Optional

Allowed values:

  • True

  • False

Default value:

False

Action: Create a Scan

This action creates a scan for an asset or IP address or both.

Input Parameters

Parameters

Description

Field Type

Required/Optional

Comments

Scan Name

Enter the scan name to create a new scan.

Example:

Full Access

Text

Required

Description

Enter a description.

Example:

Full Access Group

Text

Required

Policy ID

Enter the policy ID.

Example:

1002331

Text

Required

Repository ID

Enter the repository ID.

Example:

1234

Text

Required

IP Address

Enter the IP addresses.

Example:

10.0.0.1

Text

Optional

You can enter the IP address or assets or even both.

Asset ID

Enter the Asset ID.

Example:

0001

Text

Optional

You can enter IP address or asset or even both.

Credential ID

Enter the credential ID.

Example:

1000024

Text

Optional

Maximum Scan Time

Enter the maximum time for the scan in hours.

Example:

6

Text

Optional

By default, the time is set to unlimited.

Zone ID

Enter the zone ID.

Example:

-1

Text

Optional

By default, the value is set to 0.

Extra Params

Enter the extra parameters.

Example:

"createdTime"

Key-value

Optional

Allowed values:

  • createdTime

  • modifiedTime

  • reports

Example Request 

[
  {
    "assets": "756",
    "zone_id": "-1",
    "policy_id": "1000116",
    "scan_name": "test-1",
    "description": "test-1",
    "extra_param": {},
    "repository_id": "3"
  }
]
Action: Download Analysis Report

This action downloads the analysis report.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Analysis Type 

Enter the analysis type for the report.

Example:

Vuln

Text

Required

Query 

Enter the query to fetch the report.

Example: 

{id: 1}

Key_value

Required

Source Type 

Enter the source type.

Example: "individual" | "cumulative" | "patched"

Text

Optional

Columns 

Enter the columns for the report.

Example: 

["ip", "netbios-name"]

List

Optional

Scan ID 

Enter the scan ID.

Example: 

267

Text

Optional

View ID

Enter the view ID 

Example: 

443

Text

Optional

Extra Params 

Enter the extra params.

Example: 

{"format": "csv"}

Key_value

Optional

Action: Download Scan Result

This action downloads the scan result based in the scan ID.

Input Parameters

Parameters

Description

Field Type

Required/Optional

Comments

Scan ID

Enter the scan ID to download the scan result.

Example:

1234

Text

Required

You can retrieve the scan ID using the List All Scans action.

Example Request 

[
        {
                "scan_id": 1234
            
        }
]
Action: Get All Assets Overview Details

This action retrieves the overview details of all assets.

Input Parameters

Parameter

Description

Field Type

Required / Optional

Comments

Query Params to Filter Assets

Enter the query parameters to filter out assets. The allowed keys must be passed in a key-value pair.

Example:

  • name: Proxy alert

  • description: Alert on proxy server

  • type: never

Key Value

Optional

Allowed values:

  • Name

  • Description

  • Type

  • Owner Group

Example Request
[
        {
                "params":
                {
                        ”id”: “1”,
                        ”name”: “Proxy alert”,
                        ”description”: “Alert on proxy server“,
                        “type”: “never”,
                        ”ownerGroup”:
                        {
                                ”id”: “0”,
                                ”name”: “Full Access“,
                                ”description”: “Full Access Group“
                        }
                }
        }
]
Action: Get Credentials

This action retrieves the list of all the credentials.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Fields

Enter the fields to return in the response. By default id, name, description, and type fields are returned. You can enter multiple values as comma separated list.

Example:

"id, name"

Text

Optional

Example Request 

[
    {
        "fields": "id, name"
    }
]
Action: Get Information of All Alerts

This action retrieves information about all Alerts.

Input Parameters

Parameter

Description

Field Type

Required / Optional

Comments

Query

P arameters

Enter the query parameters to filter out all the alerts. The allowed keys must be passed in a key-value pair.

Example:

  • id: 1

  • name: Proxy alert

  • description: Alert on proxy server

  • tool: cveipdetail

Key Value

Optional

Allowed parameters:

  • ID

  • Name

  • Description

  • Tool

Example Request
[
        {
                "params":
                {
                        ”id”: “1”,
                        ”name”: “Proxy alert”,
                        ”description”: “Alert on proxy server“,
                        “tool”: “cveipdetail”
                }
        }
]
Action: Get Policies

This action retrieves the list of all the policies.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Fields

Enter the fields to return in the response. By default id, name, description, and status fields are returned. You can enter multiple values as comma separated list.

Example:

"id, name"

Text

Optional

Example Request 

[
    {
        "fields": "id,name"
    }
]
Action: Get Repositories

This action retrieves a list of all the repositories.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Fields

Enter the fields to return in the response. By default id, name, and description fields are returned. You can add multiple values as comma separated list.

Example:

"id, name"

Text

Optional

Example Request 

[
    {
        "fields": "id,name"
    }
]
Action: Get Scan Details

This action retrieves the scan details using the scan ID.

Input Parameters

Parameters

Description

Text Field

Required/Optional

Comments

Scan ID

Enter the scan ID to retrieve the scan details.

Example:

"1234"

Text

Required

You can retrieve the scan ID using the List All Scans action.

Example Request 

[
        {
              "scan_id": 1234
        }
]
Action: Get Scan Result

This action retrieves a scan result from Nessus SC

Input Parameters

Parameter

Description

Field Type

Required / Optional

Comments

Scan ID

Enter the ID of the scan for which you need the results.

For example:

"1234"

Text

Required

You can retrieve the scan ID using the List All Scans action.

Query Parameters to Filter Scan Results

Enter the query parameters to filter out results of scans. The allowed keys must be passed in a key-value pair.

Example:

  • name: Proxy alert

  • id: 11

  • description: Alert on proxy server

Key Value

Optional

Allowed values:

  • name

  • ID

  • description

Example Request
[
        {
                "id": 1234,
                "params":
                {
                        “name”: “Full Access“,
                        “id”: 11,
                        “description”: “Full Access Group“
                }
        }
]
Action: Get Vulnerability Analysis

This action retrieves vulnerability analysis for CVE, IP, hosts, and more.

Input Parameters

Parameter

Description

Field Type

Required / Optional

Comments

Tool

Enter the tool name. Tools are used to mention the type of search to undertake for vulnerability.

Example:

"cveipdetail"

Text

Required

Allowed values:

  • cceipdetail

  • cveipdetail

  • iavmipdetail

  • iplist

  • listos

  • listservices

  • listsoftware

  • sumcve

Start Offset

Enter the start offset value.

It represents the lower bound of record set.

Example:

"10"

Text

Optional

It represents the lower bound of record set.

Default value:

0

End Offset

Enter the end offset value. It represents the upper bound of record set.

For example:

"5000"

Text

Optional

Default value:

-1 (returns everything)

Filters

Choose the filters to filter the output. The allowed keys must be passed in a key-value pair.

Example:

  • value: CVE-2014-4208

  • operator: =

  • filterName: cveID

Key Value

Optional

Allowed keys:

  • filterName

  • operator

  • value

Type

Enter the type to be analyzed.

Example:

"event"

Text

Optional

Allowed values:

  • event

  • vuln

Source Type

Enter the type of source.

Example:

"cumulative"

Text

Optional

Allowed values:

  • cumulative

  • individual

Example Request
[
        {
                "tool": "cveipdetail",
                "type": "event",
                "filters":
                {
                        "value": "CVE-2014-4208",
                        "operator": "=",
                        "filterName": "cveID"
                },
                "endoffset": 5000,
                "sourcetype": "cumulative",
                "startoffset": 10
        }
]
Action: Launch a Scan

This action launches a scan that is associated with the scan ID.

Input Parameters

Parameters

Description

Field Type

Required/Optional

Comments

Scan ID

Enter the unique ID associated with the scan to launch the scan.

Example:

"1234"

Text

Required

You can retrieve the scan ID using the List All Scans action.

Diagnostic Target

Enter the diagnostic target IP or Hostname.

Example:

"10.10.10.76"

Text

Optional

Diagnostic Password

Enter the diagnostic password.

Example:

Pssd123

Password

Optional

Example Request 

[
        {
                "scan_id": 1234,
                "target_ip": 10.10.10.76,
                “target_password”: “pssd123“  
        }
]
Action: List all Scan Results

This action lists all the scan results.

Input Parameters

There are no input parameters for this action.

Action: List All Scans

This action retrieves the list of all scans.

Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

Query Params

Enter the query parameters to filter and list the scans.

Example:

  • id: 11

  • name: Full scan

  • description: Full scan group

Key Value

Optional

Allowed values:

  • ID

  • name

  • description

Example Inputs 

[
        {

                "params":
                {
                        “name”: “Full Access“,
                        “id”: 1234,
                        “description”: “Full Access Group“
                }
       }
    
]
Action: Query Fields

This action retrieves query fields with the help of the associated ID.

Input Parameters

Parameter

Description

Field Type

Required / Optional

Comments

Field Name

Enter the field name.

For example:

"AlertName"

Text

Required

Example Request
[
        {
                "field_name": "AlertName"
        }
]
Action: Query Plugins with CVE ID

This action filters plugins with matching CVE ID.

Action Input Parameters

Parameter

Description

Field Type

Required/Optional

Comments

CVE ID

Enter the CVE ID.

Example:

"CVE-2014-4208"

Text

Required

Start offset

Enter the value for start offset.

Example:

"3"

Text

Optional

Default value:

  • 0

End offset

Enter the value for the end offset. default is set to 50.

Example:

"10"

Text

Optional

Example Request 

[
    {
        "cve_id": "CVE-2014-4208",
        "endoffset": "3",
        "startoffset": "1"
    }
]
Action: Generic Action

This action performs generic actions.

Action Input Parameters 

Parameter

Description

Field Type

Required/Optional

Comments

Endpoint 

Enter the endpoint.

Text

Required

Method 

Enter the method.

Example:

GET

Text

Required

Payload 

Enter the payload.

Key_value

Optional

Query Params 

Enter the query parameters.

Key_value

Optional