Integrate with Tenable One

You can integrate OT Security with Tenable One and view assets and risk scores data on Tenable Exposure Management.

To integrate with Tenable One, you must first generate a linking key in Tenable Vulnerability Management and provide it to OT Security. Tenable One gets updated periodically with any asset changes since the previous synchronization.

After the integration, OT Security sends the following data to Tenable One:

  • OT Security synchronizes all assets and asset attributes with the Exposure Management > Inventory page. These attributes include the vendor, make, model, state, firmware, and serial number. The synchronization includes the following fields:

    • OT_BACKPLANE_ID

    • OT_BACKPLANE_NAME

    • OT_CATEGORY

    • OT_CRITICALITY

    • OT_DESCRIPTION

    • OT_FAMILY

    • OT_FIRMWARE

    • OT_ID

    • OT_LOCATION

    • OT_MODEL

    • OT_SERIAL_NUMBER

    • OT_SLOT

    • OT_STATE

    • OT_VENDOR

    • OT_SENSOR_NAME

    • OT_DIRECT_IP_ADDRESSES

    • OT_RISK

  • All vulnerability findings associated with assets, including the plugin IDs, plugin names, and plugin output. Tenable One uses this data to track whether the vulnerability status is Active or Fixed for each asset.

  • (Version 4.4 and later) All policy violation findings associated with each asset. This data includes the policy event type, detailed plugin output describing the event, and the involved assets. It also includes the relevant MITRE ATT&CK Tactics, Techniques, and Procedures (TTP) for the observed activity.

  • (Version 4.5 and later) All dynamic tags associated with assets. These appear in Tenable One as External Tags.

    Note: OT Security findings do not appear in Tenable Vulnerability Management, unless you integrate Tenable Vulnerability Management with OT Security or use the OT Discovery engine in your scans.

Before you begin

  • Ensure that you have the linking key generated in Tenable Vulnerability Management. For more information, see OT Connectors in the Tenable Vulnerability Management User Guide.

    Note: A linking key generated within Tenable Vulnerability Management can only be used for a single OT Security site.

To integrate with Tenable One:

  1. In the Tenable OT Security interface, navigate to Settings > Integrations.

    The Integrations page appears.

  2. In the upper-right corner, click Add Integration Module.

    The Add Integration Module panel appears.

  3. In the Module Type section, click Tenable One.

  4. Click Next.

    The Module Definition section appears.

  5. In the Cloud Site box, type the cloud site name.

    Note: The cloud site name appears on the Add OT Connector window in Tenable Vulnerability Management after you generate the linking key.

  6. In the Linking Key box, provide the linking key that you generated from Tenable Vulnerability Management.

  7. Click Save.

    OT Security displays a message that the integration is successful. Once the integration is complete, you can view the linked site in the Integrations page. In Tenable One, the Sensors > OT Connectors page shows the device name configured for that site in OT Security.

    For the device name for a site, see the Device Name section in the System Configuration > Device page.

    Note: If you change the name of your site in OT Security after it is already paired, you can manually modify the sensor name within Tenable Vulnerability Management to match the new site name. Alternatively, you can delete the integration on both OT Security and Tenable Vulnerability Management, and pair it again to automatically update the site name change.

For information about the complete procedure for deploying and licensing Tenable OT Security for Tenable One, see the Tenable One Deployment Guide.