Tenable One Open Connector Mapping

Mapping Behavior and Limitations

This section outlines the expected behavior and logic rules that govern how source file columns are mapped to Tenable Exposure Management attributes during the Tenable One Open Connectorconfiguration process.

These rules ensure consistent data transformation, populate fields accurately, and prevent unintended data loss. To successfully configure a data import using the Tenable One Open Connector, you must understand the logic behind standard one-to-one mappings, supported exceptions, and constraints that Tenable Exposure Management enforces.

Many-to-One Mapping Exceptions (Multi-Value Fields)

By default, if you map multiple source columns to a single-value Tenable Exposure Management attribute, the last mapped column overwrites previous values. However, the following fields accept data from multiple source columns and concatenate the values.

Supported Multi-Value Tenable Exposure Management Fields Ingestion Example
  • Asset > MAC Addresses
  • Asset > IPs (IPv4 Addresses)
  • Asset > External Tags
  • Asset > Custom Attributes
  • Finding > Custom Attributes

If you map several source columns (for example, ip1, ip2, and ip3) to Asset > IPs, Tenable Exposure Management concatenates the values into a comma-separated list during ingestion.

External Tags Prefixing Behavior

Tenable Exposure Management automatically adds context to mapped external tags.

Expected Behavior Purpose Example

When you map any column to Assets > External Tags, Tenable Exposure Management adds the source column name to the tag value.

This enables better filtering and traceability in Tenable Exposure Management.

If the column Business_Unit contains Finance, it becomes: Business_Unit: Finance.

Mandatory Fields

To proceed with syncing the connector, you must define certain mandatory fields. These fields vary based on the selected asset type.

For Assets:

Asset Type Required Fields
Device

At least one of the following:

  • Assets > Asset Name

  • Assets > IPv4 Addresses

  • Assets > Device System Type

Container Assets > Asset Name
Web Applications Assets > Asset Name
Resource (Cloud) Assets > Asset Name
Code Repository Assets > Asset Name

For Findings:

Attribute Required Fields
Finding Attributes (Common)

Severity

Findings > Finding Name Finding Name

Mapping Reference Tables

The following reference tables displays the available mapping options when configuring the Tenable One Open Connector. They are designed to help you align your source file columns with the correct Tenable Exposure Management attributes based on the selected asset type.

Tip: For full setup instructions and usage details, seeTenable One Open Connector.

Device Mapping

Attributes in Source File Available Mapping Options in Tenable Exposure Management Notes
Asset Attributes (Common) AssetsExternal Tags Maps all fields from the ingested type to be asset tags in the platform.
Assets> Created Date None
AssetsLast Observed At None
AssetsCustom Attributes Maps to general asset metadata that doesn't fit a standard field.
Asset Attributes (Device Specific) AssetsAsset Name None
Assets > Host Fully Qualified DNS Maps FQDN.
AssetsOperating Systems None
AssetsOS Version None
AssetsDevice System Type Maps cloud_instance_id.
AssetsMAC Addresses None
Assets IPv4 Addresses None
Finding Attributes (Common) FindingsFinding Name Maps the title or name of the vulnerability and/or weakness.
Findings > Description Maps the description of the vulnerability and/or weakness.
FindingsSeverity Maps CVSS score.
FindingsCVEs None
Findings > CWEs None
Findings > State Maps the findings status (e.g., Open, Fixed, Closed).
Findings > First Seen (observed) None
Findings > Last seen (Observed) None
Finding Attributes (Device Specific) Findings > Port None
FindingsProtocol None
FindingsPackage Version None
Findings > Package None

Web Applications Mapping

Attributes in Source File Available Mapping Options in Tenable Exposure Management Notes
Asset Attributes (Common) Same as in Device (Common Finding Attributes) None
Asset Attributes (WebApp Specific) AssetsAsset Name Maps to the primary name or identifier of the web application.
Assets > Webapp Homepage Screenshot Url None
Finding Attributes (Common) Same as in Device (Common Finding Attributes) None
Finding Attributes (WebApp Specific) Findings > URL Maps The specific URL or endpoint where the finding was detected.

Resources (Cloud) Mapping

Attributes in Source File Available Mapping Options in Tenable Exposure Management Notes
Asset Attributes (Common) Same as Device (Custom Attributes, Tags, Dates) None
Asset Attributes (Cloud Resources Specific) Assets > Asset Name None
Assets Cloud Provider Maps the service provider (e.g., AWS, Azure, GCP).
AssetsCloud Resource Type Maps the type of resource (e.g., S3 Bucket, Azure VM, GCP Instance).
Assets External Identifier Maps a unique identifier, typically the ARN or equivalent ID from the cloud provider.
Finding Attributes (Common) Same as in Device (Common Finding Attributes) None

Code Repository Mapping

Attributes in Source File Available Mapping Options in Tenable Exposure Management Notes
Asset Attributes (Common) Same as Device (Custom Attributes, Tags, Dates) None
Asset Attributes (Code Repository Specific) Assets > Asset Name None
Assets > Languages None
Assets > Last Commit Date None
Assets > Total Commits None
Assets > Contributors None
Assets > Owners None
Assets > Visibility Maps code repository access: Private or Public.
Assets > Asset Status Maps code repository status: Active, Archived, or Deleted.
Assets > Infrastructure Tools Maps infrastructure: Terraform, CloudFormation, Kubernetes YAML, or ARM.
Assets > Cloud Provider Name Maps the service provider, for example, AWS, Azure, or GCP.
Assets > Cloud Instance ID Maps a unique identifier, typically the ARN or equivalent ID from the cloud provider.
Finding Attributes (Common) Same as in Device (Common Finding Attributes) None
Finding Attributes (Code Repository Specific) Findings > Finding Type None
Findings > Finding Name None
Findings > Finding Category Maps the finding type: SAST, SCA, License, or IaC.
Findings > Vulnerability Published At Maps the vulnerability publish date.
Findings > Code Branch None
Findings > Code File Path None
Findings > Code Line Number None
Findings > Source Code Package Name None
Findings > Source Code Package Version None
Findings > Source Code Package Manager None
Findings > Score Maps the vendor finding score.
Findings > Solution Maps the vendor recommendation for the fix.
Findings > State None
Findings > Last Fixed At None
Findings > Proof None
Findings > Detection ID None
Findings > CVSS3 Base Vector None
Findings > Origin Finding URL Maps the issue page or vendor URL.