Tenable SC
App Vendor: Tenable
Connector Category: Network Security
Connector Version: 1.6.0
API Version: 1.0.0
Product Version: 5.14.1
About App
The Tenable SC app allows security teams to integrate with Tenable SC (formerly known as SecurityCenter) enterprise application. It helps analysts in retrieving the real-time assessment results of a network to identify, investigate and prioritize vulnerabilities.
The Tenable SC app in the Orchestrate application can perform the below-listed actions:
Action Name | Description |
|---|---|
Get Information of All Alerts | This action retrieves information about all alerts. |
Get Scan Result | This action retrieves the scan result from Tenable SC. |
Get All Assets Overview Details | This action retrieves the overview details of all assets. |
Get Scan Details | This action retrieves scan details with scan ID. |
Get Vulnerability Analysis | This action performs a vulnerability analysis for CVE, IP, hosts, and many more. |
Query Fields | This action retrieves query fields with the help of the associated ID. |
List All Scans Results | This action retrieves a list of scans. |
Launch a Scan | This action launches the scan associated with scan ID. |
Download Scan Result | This action downloads the scan result associated with the scan ID, and returns a zip file containing a Nessus file. |
Create a Scan | This action creates a scan for an asset or IP address, or even both. |
List all Scans | This action retrieves the list of all scans. |
Get Credentials | This action retrieves the list of all the credentials. |
Get Policies | This action retrieves the list of all the policies. |
Get Repositories | This action retrieves a list of all the repositories. |
Query Plugins with CVE ID | This action filters plugins with matching CVE ID. |
Download Analysis Report | This action downloads the analysis report. |
Generic Action | This action performs generic actions. |
Configuration Parameters
The following configuration parameters are required for the Tenable SC app to communicate with Tenable SC Enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the Base URL. Example: "https://sc.tenalab.tld" | Text | Required | |
Port | Enter the port where Nessus is hosted. Example: "443" | Text | Required | |
Username | Enter the user name to access Tenable SC. Example: "api0080" | Text | Required | |
Password | Enter the password to access Tenable SC. | Password | Required | |
TLS/SSL Verification | Optional preference to either verify or skip the TLS/SSL certificate verification. Example: True | Boolean | Optional | Allowed values:
Default value: False |
Action: Query Fields
This action retrieves query fields with the help of the associated ID.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Field Name | Enter the field name. For example: "AlertName" | Text | Required |
Example Request
[
{
"field_name": "AlertName"
}
]Action: Get Vulnerability Analysis
This action retrieves vulnerability analysis for CVE, IP, hosts, and more.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Tool | Enter the tool name. Tools are used to mention the type of search to undertake for vulnerability. Example: "cveipdetail" | Text | Required | Allowed values:
|
Start Offset | Enter the start offset value. It represents the lower bound of record set. Example: "10" | Text | Optional | It represents the lower bound of record set. Default value: 0 |
End Offset | Enter the end offset value. It represents the upper bound of record set. For example: "5000" | Text | Optional | Default value: -1 (returns everything) |
Filters | Choose the filters to filter the output. The allowed keys must be passed in a key-value pair. Example:
| Key Value | Optional | Allowed keys:
|
Type | Enter the type to be analyzed. Example: "event" | Text | Optional | Allowed values:
|
Source Type | Enter the type of source. Example: "cumulative" | Text | Optional | Allowed values:
|
Example Request
[
{
"tool": "cveipdetail",
"type": "event",
"filters":
{
"value": "CVE-2014-4208",
"operator": "=",
"filterName": "cveID"
},
"endoffset": 5000,
"sourcetype": "cumulative",
"startoffset": 10
}
]Action: Get Information of All Alerts
This action retrieves information about all Alerts.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Query P arameters | Enter the query parameters to filter out all the alerts. The allowed keys must be passed in a key-value pair. Example:
| Key Value | Optional | Allowed parameters:
|
Example Request
[
{
"params":
{
”id”: “1”,
”name”: “Proxy alert”,
”description”: “Alert on proxy server“,
“tool”: “cveipdetail”
}
}
]Action: Get Scan Details
This action retrieves the details of a scan.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Query Parameters | Enter the query parameters to filter out scans. The allowed keys must be passed in a key-value pair. Example:
| Key Value | Optional | Allowed values:
|
Example Request
[
{
"params":
{
”id”: “1”,
”name”: “Proxy alert”,
”description”: “Alert on proxy server“
}
}
]Action: Get All Assets Overview Details
This action retrieves the overview details of all assets.
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Query Params to Filter Assets | Enter the query parameters to filter out assets. The allowed keys must be passed in a key-value pair. Example:
| Key Value | Optional | Allowed values:
|
Example Request
[
{
"params":
{
”id”: “1”,
”name”: “Proxy alert”,
”description”: “Alert on proxy server“,
“type”: “never”,
”ownerGroup”:
{
”id”: “0”,
”name”: “Full Access“,
”description”: “Full Access Group“
}
}
}
]Action: Get Scan Result
This action retrieves a scan result from Nessus SC
Input Parameters
Parameter | Description | Field Type | Required / Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the ID of the scan for which you need the results. For example: "1234" | Text | Required | You can retrieve the scan ID using the List All Scans action. |
Query Parameters to Filter Scan Results | Enter the query parameters to filter out results of scans. The allowed keys must be passed in a key-value pair. Example:
| Key Value | Optional | Allowed values:
|
Example Request
[
{
"id": 1234,
"params":
{
“name”: “Full Access“,
“id”: 11,
“description”: “Full Access Group“
}
}
]Action: Get Credentials
This action retrieves the list of all the credentials.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. By default id, name, description, and type fields are returned. You can enter multiple values as comma separated list. Example: "id, name" | Text | Optional |
Example Request
[
{
"fields": "id, name"
}
]Action: Get Policies
This action retrieves the list of all the policies.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. By default id, name, description, and status fields are returned. You can enter multiple values as comma separated list. Example: "id, name" | Text | Optional |
Example Request
[
{
"fields": "id,name"
}
]Action: Get Repositories
This action retrieves a list of all the repositories.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. By default id, name, and description fields are returned. You can add multiple values as comma separated list. Example: "id, name" | Text | Optional |
Example Request
[
{
"fields": "id,name"
}
]Action: Query Plugins with CVE ID
This action filters plugins with matching CVE ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
CVE ID | Enter the CVE ID. Example: "CVE-2014-4208" | Text | Required | |
Start offset | Enter the value for start offset. Example: "3" | Text | Optional | Default value:
|
End offset | Enter the value for the end offset. default is set to 50. Example: "10" | Text | Optional |
Example Request
[
{
"cve_id": "CVE-2014-4208",
"endoffset": "3",
"startoffset": "1"
}
]Generic Action
This action performs generic actions.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Endpoint | Enter the endpoint. | Text | Required |
|
Method | Enter the method. Example: GET | Text | Required |
|
Payload | Enter the payload. | Key_value | Optional |
|
Query Params | Enter the query parameters. | Key_value | Optional |
|