Accessing Tenable Attack Surface Management in Tenable Vulnerability Management

The data that Tenable Attack Surface Management discovers is ingested into Tenable Vulnerability Management to enrich Host asset data within the platform, which in turn can provide potential assessment targets.

To view the asset data:

  • In Tenable Vulnerability Management, go to Explore > Assets.

    Note: Make sure that you remove the default Licensed assets filter.

    The Assets page appears with all assets in Tenable Vulnerability Management including the ones ingested from Tenable Attack Surface Management.

Integration Characteristics

The Tenable Attack Surface Management and Tenable Vulnerability Management integration has the following characteristics:

  • Real-time data is ingested into Tenable Vulnerability Management.

    Note: Depending on the system load, it may take up to 24 hours for the data to synchronize with Tenable Vulnerability Management.

  • You can configure global settings for network, asset identification, and ingestion filters at the time of integration. Optionally, you can enable or disable ingestion for the current inventory.

  • Data is filtered based on the Ingestion Filters that you provide at the time of integration.

  • Tenable Attack Surface Management identifies the assets based on IP address or hostname. This is configured as part of the global settings at the time of integration.

  • Host assets are created based on Tenable Attack Surface Management parameters.

  • Tenable Attack Surface Management ensures that the Host assets data in Tenable Attack Surface Management and Tenable Vulnerability Management matches completely.

  • Tenable Attack Surface Management discovered assets are categorized as unlicensed or unscanned assets that are not counted towards your license.

  • The Source column in the Assets table shows External Attack Surface Management for the assets discovered by Tenable Attack Surface Management.

  • Assets that Tenable Attack Surface Management discovers via the passive discovery scan can later be scanned by Tenable Nessus.

  • The Host assets data is enriched by including CPEs and Ports data.

Asset Identification Characteristics

The following are the characteristics of the asset identification types, IP address and hostname:

  • Tenable Vulnerability Management considers the IP or hostname configuration only when an asset has the data to support it.

  • If the source includes assets with wildcard DNS, the integration may lack sufficient information to come up with a real hostname. Tenable Attack Surface Management uses a *. notation for wildcard DNS, but it is not a real hostname. In such cases, the asset is identified by the IP address.

  • If the source includes assets with elastic IPs, Tenable Attack Surface Management loses the IP information for assets within that source. In such cases, Tenable Attack Surface Management still creates the asset, but uses the FQDN to identify it.

  • If the source includes both wildcard DNS and elastic IPs, Tenable Attack Surface Management may lack sufficient information to identify the public asset. In such cases, you can manually add the subdomains to Tenable Attack Surface Management sources by using the Add Subdomain option.

Host Asset Conditions

The following are the conditions for Tenable Attack Surface Management to create Host Assets:

  • Considers only A and AAAA records.

  • Filters assets globally by hostnames or IP addresses, and ingestion filters. You can also override the global setting by enabling the inventory settings.
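The asset identification fallbacks and the record-type condition described above can be modeled as a small triage function. This is an added example, not Tenable code or a Tenable API: the record fields, outcome labels, and sample data are assumptions made for illustration, and ingestion filters are not modeled.

```python
# Added illustration: simplified model of the identification rules on this page.
# Record fields and outcome labels are assumptions, not Tenable's schema or API.
ADDRESS_RECORD_TYPES = {"A", "AAAA"}  # only address records yield Host assets


def is_wildcard(hostname):
    """ASM's *. notation marks wildcard DNS; it is not a real hostname."""
    return bool(hostname) and hostname.startswith("*.")


def identify(record, preferred="hostname"):
    """Return (outcome, value); outcome is 'hostname', 'ip', 'manual' or 'skipped'."""
    if record.get("type") not in ADDRESS_RECORD_TYPES:
        return ("skipped", record.get("type"))
    usable = {}
    if record.get("hostname") and not is_wildcard(record["hostname"]):
        usable["hostname"] = record["hostname"]
    if record.get("ip"):  # absent when the source uses elastic IPs
        usable["ip"] = record["ip"]
    if not usable:
        # Wildcard DNS and elastic IP together: nothing to identify the asset by,
        # so the subdomain has to be added to the ASM sources by hand.
        return ("manual", record.get("hostname"))
    # The configured type applies only when the asset has data to support it.
    kind = preferred if preferred in usable else next(iter(usable))
    return (kind, usable[kind])


def triage(records, preferred="hostname"):
    """Group identifiers by predicted outcome for a list of discovered records."""
    groups = {"hostname": [], "ip": [], "manual": [], "skipped": []}
    for rec in records:
        outcome, value = identify(rec, preferred)
        groups[outcome].append(value)
    return groups


# Constructed sample records (documentation-reserved names and addresses).
SAMPLE = [
    {"type": "A", "hostname": "www.example.com", "ip": "192.0.2.10"},
    {"type": "A", "hostname": "*.example.com", "ip": "192.0.2.20"},   # wildcard DNS
    {"type": "AAAA", "hostname": "app.example.com", "ip": None},      # elastic IP
    {"type": "A", "hostname": "*.dev.example.com", "ip": None},       # both
    {"type": "CNAME", "hostname": "cdn.example.com", "ip": None},     # not A/AAAA
]

if __name__ == "__main__":
    for outcome, values in triage(SAMPLE).items():
        print(f"{outcome:9} {values}")
```

Entries that land in the manual group correspond to the case where the Add Subdomain option is needed.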

Examples

The following images show how the ingested Tenable Attack Surface Management data displays the Hosts and Tenable Nessus scan data on the Assets table in Tenable Vulnerability Management.

Hosts Assets

Tenable Nessus Scanned Assets