Tenable Security Center 2.0.0
App Vendor: Tenable
App Category: Vulnerability Management
Connector Version: 2.0.0
API Version: 5.14.1
Note
This app is currently released as a beta version.
About App
The Tenable Security Center app provides real-time, continuous assessment of your security posture, helping security teams identify and address vulnerabilities more quickly.
The Tenable Security Center app is configured with Cyware Orchestrate to perform the following actions:
Action Name | Description |
|---|---|
Create a Scan | This action creates a scan. |
Download Analysis Report | This action downloads an analysis report. |
Download Scan Result | This action downloads the scan result associated with the scan ID and returns a zip file containing a Nessus file. |
Get All Assets Overview Details | This action retrieves all asset overview details. |
Get Credentials | This action retrieves a list of all the credentials. |
Get Information of All Alerts | This action retrieves information about all alerts. |
Get Policies | This action retrieves a list of all the policies. |
Get Repositories | This action retrieves a list of all the repositories. |
Get Scan Details | This action retrieves the scan details of the given scan ID. |
Get Scan Result | This action retrieves scan results from Tenable Security Center. |
Get Vulnerability Analysis | This action retrieves vulnerability analysis for CVE, IP, hosts, and many more. |
Launch a Scan | This action launches a scan on the given scan ID. |
List All Scan Results | This action retrieves a list of all the scan results. |
List All Scans | This action retrieves the list of scans. |
Query Fields | This action queries fields based on the associated ID. |
Query Plugins with CVE ID | This action filters plugins with matching CVE ID. |
Generic Action | This is a generic action used to make requests to any Tenable Security Center endpoint. |
Configuration Parameters
The following configuration parameters are required for the Tenable Security Center app to communicate with the Tenable Security Center enterprise application. The parameters can be configured by creating instances in the app.
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Base URL | Enter the base URL to access Tenable Security Center. Example: https://sc.tenalab.tld | Text | Required | |
Port | Enter the port number. Example: 443 | Text | Required | |
Timeout | Enter the timeout value in seconds. This is the number of seconds that requests will wait to establish a connection with Tenable Security Center. | Integer | Optional | Allowed range: 15-120 Default value: 15 |
Username or Access Key | Enter the username or access key for authentication with Tenable Security Center. | Text | Required | |
Password or Secret Key | Enter the password or secret key for authentication with Tenable Security Center. | Password | Required | |
TLS/SSL Verification | Choose your preference to verify SSL or TLS while making requests. It is recommended to set this option to yes. Passing no may result in incorrectly establishing the connection. | Boolean | Optional | By default, verification is not enabled. |
Authentication Method | Enter true to authenticate using access and secret key for API key-based authentication. If you enter false, enter the username and password for token-based authentication. | Boolean | Optional | By default, token-based authentication, which requires a username and password, is enabled. NoteFor more information on generating an access and secret key, see Tenable Security Center API documentation. |
Action: Create a Scan
This action creates a scan for an asset, an IP address, or both.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan Name | Enter the scan name to create a new scan. Example: Full Access | Text | Required | |
Description | Enter the scan description. | Text | Required | |
Policy ID | Enter the policy ID. Example: 1002331 | Text | Required | You can retrieve this using the action Get Policies. |
Repository ID | Enter the repository ID. | Text | Required | You can retrieve this using the action Get Repositories. |
IP Address | Enter the IP addresses. Example: 10.0.0.1 | Text | Optional | You can enter an IP address, an asset, or both. |
Asset IDs | Enter the asset ID. | Text | Optional | You can enter an IP address, an asset, or both. |
Credential ID | Enter the credential ID. | Text | Optional | You can retrieve this using the action Get Credentials. |
Maximum Scan Time | Enter the maximum time for the scan in hours. | Text | Optional | By default, the time is set to unlimited. |
Zone ID | Enter the zone ID. | Text | Optional | By default, the value is set to 0. |
Extra Params | Enter the extra parameters to create a scan. | Key Value | Optional | Allowed keys: type, dhcpTracking, classifyMitigatedAge, schedule, reports, emailOnLaunch, emailOnFinish, timeoutAction, scanningVirtualHosts, rolloverType, inactivityTimeout |
Action: Download Analysis Report
This action downloads the analysis report.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Analysis Type | Enter the analysis type for the report. Example: vuln | Text | Required | |
Query | Enter the query to fetch the report. Example: {id: 1} | Key Value | Required | |
Source Type | Enter the source type. Example: individual | Text | Optional | Allowed values: individual, cumulative, patched |
Columns | Enter the columns for the report. Example: ["ip", "netbios-name"] | List | Optional | |
Scan ID | Enter the scan ID. | Text | Optional | You can retrieve this using the action List All Scans. This is required if the Source Type is individual. |
View ID | Enter the view ID. | Text | Optional | This is required if the Source Type is individual. |
Extra Params | Enter the extra parameters. Example: {"format": "csv"} | Key Value | Optional | Allowed keys: sortDir, sortField, startOffset, endOffset |
Action: Download Scan Result
This action downloads the scan result associated with the scan ID and returns a zip file containing a Nessus file.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the scan ID to download the result. | Text | Required | You can retrieve this using the action List All Scan Results. |
Action: Get All Assets Overview Details
This action retrieves all the asset overview details.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params to Filter Assets | Enter the query parameters to filter out assets. Example: name: Proxy alert | Key Value | Optional | Allowed keys: Name Description Type Owner Group |
Action: Get Credentials
This action retrieves a list of all the credentials.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. | Text | Optional | For more information on allowed fields, see Tenable Security Center API Documentation. By default id, name, description, and type are returned. |
Action: Get Information of All Alerts
This action retrieves the information about all alerts.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters to filter out alerts. Example: id: 1 | Key Value | Optional | Allowed keys: id, name, description, tool |
Action: Get Policies
This action is used to get a list of all the policies.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. You can enter multiple values as comma separated list. Example: id, name | Text | Optional | Allowed values: id, uuid, name, description, status, policyTemplate, policyProfileName, creator, tags, type, createdTime, modifiedTime, context, generateXCCDFResults, auditFiles, preferences, targetGroup By default, id, name, description, status are returned. |
Action: Get Repositories
This action retrieves a list of all the repositories.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Fields | Enter the fields to return in the response. You can add multiple values as comma separated list. Example: id, name | Text | Optional | Allowed fields: id, uuid, name, description, type, dataFormat, vulnCount, remoteID, remoteIP, running, downloadFormat, lastSyncTime, lastVulnUpdate, createdTime, modifiedTime, luminFields, ipOverlaps, transfer, typeFields, remoteSchedule By default, id, name, and description are returned. |
Action: Get Scan Details
This action retrieves the scan details using the scan ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the scan ID to retrieve the scan details. | Text | Required | You can retrieve the scan ID using the List All Scans action. |
Action: Get Scan Result
This action retrieves a scan result.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the ID of the scan for which you need the results. | Text | Required | You can retrieve the scan ID using the List All Scans action. |
Query Params to Filter Scan Results | Enter the query parameters to filter out the scan results. Example: name: Proxy alert | Key Value | Optional | Allowed keys: name, ID, description |
Action: Get Vulnerability Analysis
This action retrieves vulnerability analysis for CVE, IP, hosts, and more.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Tool | Enter the tool name. Tools are used to mention the type of search to undertake for vulnerability. Example: cveipdetail | Text | Required | Allowed values: cceipdetail, cveipdetail, iavmipdetail, iplist, listos, listservices, listsoftware, sumcve |
Start Offset | Enter the start offset value. It represents the lower bound of record set. Example: 10 | Text | Optional | Default value: 0 |
End Offset | Enter the end offset value. It represents the upper bound of record set. Example: 5000 | Text | Optional | Default value: -1 (returns everything) |
Filters | Choose the filters to filter the output. The allowed keys must be passed in a key-value pair. Example: value: CVE-2014-4208 | List | Optional | Allowed keys: filterName, operator, value |
Type | Enter the type to be analyzed. Example: event | Text | Optional | Allowed values: event, vuln |
Source Type | Enter the type of source. Example: cumulative | Text | Optional | Allowed values: cumulative, individual |
Action: Launch a Scan
This action launches a scan that is associated with the scan ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the unique ID associated with the scan to launch the scan. | Text | Required | You can retrieve the scan ID using the List All Scans action. |
Diagnostic Target | Enter the diagnostic target IP or Hostname. Example: 10.10.10.76 | Text | Optional | |
Diagnostic Password | Enter the diagnostic password. | Password | Optional |
Action: List All Scan Results
This action lists all the scan results.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Scan ID | Enter the scan ID to retrieve the results. | Text | Optional | You can retrieve the scan ID using the List All Scans action. |
Extra Params | Enter the extra parameters to filter the result. | Key Value | Optional | For more information on allowed parameters, see Tenable Security Center API Documentation. |
Action: List All Scans
This action retrieves the list of scans.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Query Params | Enter the query parameters to filter and list the scans. Example: id: 11 | Key Value | Optional | Allowed values: ID, name, description |
Action: Query Fields
This action retrieves query fields.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Field Name | Enter the field name. Example: AlertName | Text | Required |
Action: Query Plugins with CVE ID
This action filters plugins with matching CVE ID.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
CVE ID | Enter the CVE ID. Example: CVE-2014-4208 | Text | Required | |
Start Offset | Enter the value for start offset. Example: 3 | Text | Optional | Default value: 0 |
End Offset | Enter the value for the end offset. Example: 10 | Text | Optional | Default value: 50 |
Action: Generic Action
This is a generic action used to make requests to any Tenable Security Center endpoint.
Action Input Parameters
Parameter | Description | Field Type | Required/Optional | Comments |
|---|---|---|---|---|
Method | Enter the HTTP method to make the request. | Text | Required | Allowed values: GET, PUT, POST, DELETE |
Endpoint | Enter the endpoint to make the request. Example: /scanResult/{id} | Text | Required | |
Query params | Enter the query parameters to pass to the api. Example: {'type': 'status','incidentid': 'incident_id'} | Key Value | Optional | |
Payload | Enter the payload to pass to the API. | Any | Optional | |
Extra Fields | Enter the extra fields to pass to the API. | Key Value | Optional | Allowed keys: payload_json, custom_output, download, filename, files, retry_wait, retry_count, response_type |