Accessing Tenable Attack Surface Management in Tenable Web App Scanning

The data that Tenable Attack Surface Management discovers is ingested into Tenable Web App Scanning to enrich asset data within the platform, which in turn can provide potential assessment targets.

To view the assets data:

• In Tenable Web App Scanning, go to Applications > Discovered.

  The Discovered table shows Applications which have been discovered by Tenable Attack Surface Managementt, but not yet scanned by Tenable Web App Scanning. Once the applications are scanned, they move from Discovered to Scanned.

Integration Characteristics

Tenable Attack Surface Management and Tenable Web App Scanning integration has the following characteristics:

• Real-time data is ingested into Tenable Web App Scanning.

  Note: Depending on the system load, it may take up to 24 hours for the data to synchronize with Tenable Web App Scanning.

• You can configure global settings for network, asset identification, and ingestion filters at the time of integration. Optionally, you can enable or disable ingestion for the current inventory.

• Data is filtered based on the Ingestion Filters that you provide at the time of integration.

• Web application assets are created based on Tenable Attack Surface Management parameters.

• Tenable Attack Surface Management ensures that the web application assets data in Tenable Attack Surface Management and Tenable Web App Scanning matches completely.

• Tenable Attack Surface Management discovered assets are categorized as unlicensed or unscanned assets that are not counted towards your license.

• The Source column in any applications table show ASM for the assets discovered by Tenable Attack Surface Management.

• Tenable Attack Surface Management adds Screenshots for the web application assets that it discovers: