Bring Penetration Testing Data into Tenable Exposure Management

The Challenge

Static Findings in a Dynamic Environment

Penetration testing is a critical reality check for your security strategy, simulating real-world attacks to find logical flaws and complex exploit chains that automated scanners might miss. However, when pen test findings remain trapped in static PDF reports or spreadsheets, they lose their urgency and context, becoming a point-in-time snapshot rather than a driver of continuous security.

The Solution

Continuous Context via the Open Connector

To bridge this gap, Tenable Exposure Management offers the Tenable One Open Connector to ingest penetration testing data directly into the Tenable Exposure Management platform. This connector acts as the central bridge for your external data, transforming static findings into actionable intelligence.

Core Benefits

This integrations allows you to:

  • Eliminate Data Silos: Move beyond disconnected PDFs and spreadsheets that create dangerous visibility gaps between your testing results and your daily security operations. Centralizing pen-testing findings alongside your continuous exposure data provides a single source of truth and a complete, unified view of risk across your entire attack surface.

  • Contextualize Prioritization: Stop viewing findings in a vacuum; a "High" severity finding in a static PDF lacks the vital context needed to prioritize it against thousands of other exposures. By layering pen-testing results with insights from across your attack surface, you can pinpoint exactly which weaknesses pose the greatest risk to your specific business operations.

  • Streamline Remediation: Replace manual follow-up emails with automated tracking to eliminate the tedious cycle of spreadsheets that allows "zombie" vulnerabilities to persist unnoticed. By integrating these results, you close the visibility gap and make remediation seamless, ensuring every weakness is tracked, fixed, and validated without falling through the cracks.

What You Can Achieve with Integrated Data

Centralized Visibility

Eliminate pen-testing blind spots by consolidating data into a single view.

  • Unified dashboard: View pen-testing findings alongside your CVEs, identity, and cloud exposures in a single dashboard.

  • Single source of truth: Consolidate findings from across your tech stack to gain a comprehensive view of your entire attack surface.

  • Enriched asset records: Enrich asset records with pen-testing findings to understand which specific assets are vulnerable to logical exploits or lateral movement.

Contextual Risk Prioritization

Pinpoint the weaknesses that matter most to your organization.

  • Critical asset context: Blend pen-testing findings with context from your broader attack surface to identify which "High" severity weaknesses actually threaten your most critical business assets.

  • Identify toxic combinations: Use pen-testing data to identify toxic risk combinations, such as a simple misconfiguration that acts as a gateway to sensitive data.

  • Break attack paths: Target specific choke points uncovered during pen-testing to break your highest-risk attack paths.

Operationalized Remediation

Turn pen-testing reports into streamlined, trackable action.

  • Unified lifecycle management: Track the lifecycle of pen-testing findings (Open vs. Fixed) using the same platform and workflows you use for exposure management.

  • Real-time ownership: Assign pen-testing findings directly to asset owners and monitor remediation progress in real-time, eliminating the need for manual follow-up emails.

  • Accelerated validation: Accelerate the validation of fixes by integrating pen-testing findings into your continuous exposure management cycle.

Holistic Exposure Analytics

Communicate pen-testing findings in a holistic, business-aligned view.

  • Comprehensive risk reporting: Incorporate pen-testing findings into your overall risk reporting to provide a more accurate, comprehensive view of organizational risk.

  • Benchmarking: Monitor how your pen-testing results improve over time and benchmark your security posture against industry peers.

  • Board-level communication: Communicate the value of your pen-testing program to the board with clear, measurable reports that tie pen-testing findings to organizational resilience.

Best Practice for Data Integration

To ensure a seamless import of your penetration testing findings via the Tenable One Open Connector, follow the step-by-step workflow below, adhering to the required formatting and normalization standards.

Step 1: Prepare and Standardize Data

Ensure your penetration testing data is formatted correctly before ingestion.

  • Supported file formats: Findings must be structured in CSV or Excel (.xlsx) format. You may also upload a ZIP file containing a single CSV or Excel file.

    Tip: Ask your penetration testing provider to deliver raw data in one of these formats alongside their traditional PDF report.

  • Severity normalization: Tenable Exposure Management categorizes findings into a standard four-tier scale: Critical, High, Medium, and Low.

    • Standardize risk levels: If your report uses a custom numeric scale (e.g., CVSS 1.0–10.0 or Risk 1–5), map these to the standard tiers before upload.
    • Automated mapping: If you upload raw CVSS scores (0–10) without manual categorization, the platform automatically maps those values to the appropriate severity levels in Tenable Exposure Management and calculates the Exposure Score accordingly.

Step 2: Map Data Fields

The Tenable One Open Connector requires specific data points to link findings to assets. Ensure your import file includes the following critical columns.

Mandatory and Suggested Fields

Field Category Mandatory Fields Suggested / Optional Fields
Asset Identifier Asset Name or NetBIOS Name Asset IP, Tags, Asset State, OS
Vulnerability Details Finding Name or Title, Severity Finding State, Description, Solution

Field Mapping Example

Map your source columns to the Tenable Exposure Management target fields as follows to ensure findings are searchable and actionable.

Report Column Header (Example) Tenable Target Field Why it Matters
Asset_IP IPv4 Address Critical identifier for linking the finding to a specific device in Tenable Exposure Management.
Hostname FQDN or NetBIOS Secondary identifier to ensure accurate asset matching if IPs change.
Vulnerability_Title Name The "headline" that appears in dashboards (e.g., SQL Injection).
Severity Severity

Determines the risk calculation.

Note: Ensure values are Critical, High, Medium, or Low.
Description Description Provides full context and details of the vulnerability for the analyst.
Solution Solution The remediation advice for your IT teams.
CVE CVE Helps correlate manual findings with known vulnerabilities if applicable.
Port Port (Optional) Specifies the service port affected (e.g., 443).
Protocol Protocol (Optional) Specifies the protocol (e.g., TCP/UDP).

Step 3: Ingest Data via the Open Connector

The Tenable One Open Connector acts as the bridge for your external data.

To add the connector:

  1. In the left navigation menu, click Connectors.

    The Connectors page appears.

  2. In the upper-right corner, click Add new connector.

    The Connector Library page appears.

  3. In the search box, type the name of the connector (i.e.,Open Connector). Alternatively, locate the connector in the Custom section.

  4. On the Tenable One Open Connector tile, click Connect.

    The connector configuration options appear.

  1. Create Instance:
    • In the Name text box, use a descriptive naming convention (e.g., Q3-2025-External-PenTest).
    • In the Schedule section, execute a one-time import for episodic assessments or schedule a recurring sync for a continuous data feed.
  2. Upload & Map:
    • Upload: Upload your CSV, Excel, or ZIP file.
    • Map Columns: Verify that your file columns are correctly mapped to the Tenable Exposure Management Asset Attributes. Mismatched assets will result in "unlinked" findings that float without an associated device.
  3. Configure Aggregation:  
    • Tenable's suggested best practices or customize as needed).
    • Assign the appropriate Exposure Category based on the specific asset types included in your report.
Tip: For more information on all the configuration options, see the Configure the Connector section in the Tenable One Open Connector topic.

Step 4: Analyze and Organize Findings

Once ingested, your pen-testing findings become live assets within the platform.

  • Validate the import: Filter your Assets view by Source > Custom > Tenable Open Connector to ensure findings appear on the correct assets.
  • Organize with tags: Edit "External Tags" from your import into "Tenable Tags" (e.g., Owner:Database_Team, Source:Manual_PenTest) to align with your organizational structure.
  • Create Exposure Signals: Create a custom signal to track assets tagged with "pentest" (Query: External Tags contains pentest). This helps you target specific choke points uncovered during testing.
  • Visualize data: Use your tags to filter data in Exposure View and Dashboards for targeted analysis.

Step 5: Operationalize the Remediation Lifecycle

Manage the lifecycle of findings using asset ownership and the "Close the Loop" process.

  1. Assign owners: Filter Findings by Asset Owner Tags to generate targeted reports for specific teams (e.g., "Show me all Open Pen Test findings for the Payments Team").
  2. Prioritize: Use the Exposure Score to determine which findings to fix first, focusing on those that reduce the most inventory risk.
  3. Close the loop (fix & verify):
    • Maintain records: Treat your import file as a living document. Once a vulnerability is remediated, delete that specific row from your file.
    • Sync to resolve: Re-upload the updated file. The system automatically compares the new data against the previous version; missing findings are transitioned to Fixed.
    • Recalculate: This sync triggers an immediate recalculation of your Exposure Score.

Summary Checklist

Stage Action
Prepare Format data (CSV/Excel/ZIP) and normalize Severity (Critical/High/Medium/Low).
Ingest Upload via Tenable One Open Connector and validate asset mapping.
Analyze Tag by Asset Owner; check impact on Exposure View and Dashboards.
Remediate Filter by Owner to assign fixes; prioritize based on business risk.
Close Remove fixed findings from the file and re-upload to resolve them in Tenable Exposure Management.