Tenable One Open Connector Mapping
Mapping Behavior and Limitations
This section outlines the expected behavior and logic rules that govern how source file columns are mapped to Tenable Exposure Management attributes during the Tenable One Open Connectorconfiguration process.
These rules ensure consistent data transformation, populate fields accurately, and prevent unintended data loss. To successfully configure a data import using the Tenable One Open Connector, you must understand the logic behind standard one-to-one mappings, supported exceptions, and constraints that Tenable Exposure Management enforces.
Many-to-One Mapping Exceptions (Multi-Value Fields)
By default, if you map multiple source columns to a single-value Tenable Exposure Management attribute, the last mapped column overwrites previous values. However, the following fields accept data from multiple source columns and concatenate the values.
| Supported Multi-Value Tenable Exposure Management Fields | Ingestion Example |
|---|---|
|
If you map several source columns (for example, ip1, ip2, and ip3) to Asset > IPs, Tenable Exposure Management concatenates the values into a comma-separated list during ingestion. |
External Tags Prefixing Behavior
Tenable Exposure Management automatically adds context to mapped external tags.
| Expected Behavior | Purpose | Example |
|---|---|---|
|
When you map any column to Assets > External Tags, Tenable Exposure Management adds the source column name to the tag value. |
This enables better filtering and traceability in Tenable Exposure Management. |
If the column Business_Unit contains Finance, it becomes: Business_Unit: Finance. |
Mandatory Fields
To proceed with syncing the connector, you must define certain mandatory fields. These fields vary based on the selected asset type.
For Assets:
| Asset Type | Required Fields |
|---|---|
| Device |
At least one of the following:
|
| Container | Assets > Asset Name |
| Web Applications | Assets > Asset Name |
| Resource (Cloud) | Assets > Asset Name |
| Code Repository | Assets > Asset Name |
For Findings:
| Attribute | Required Fields |
|---|---|
| Finding Attributes (Common) |
Severity |
| Findings > Finding Name | Finding Name |
Mapping Reference Tables
The following reference tables displays the available mapping options when configuring the Tenable One Open Connector. They are designed to help you align your source file columns with the correct Tenable Exposure Management attributes based on the selected asset type.
Tip: For full setup instructions and usage details, seeTenable One Open Connector.
Device Mapping
Web Applications Mapping
| Attributes in Source File | Available Mapping Options in Tenable Exposure Management | Notes |
|---|---|---|
| Asset Attributes (Common) | Same as in Device (Common Finding Attributes) | None |
| Asset Attributes (WebApp Specific) | Assets > Asset Name | Maps to the primary name or identifier of the web application. |
| Assets > Webapp Homepage Screenshot Url | None | |
| Finding Attributes (Common) | Same as in Device (Common Finding Attributes) | None |
| Finding Attributes (WebApp Specific) | Findings > URL | Maps The specific URL or endpoint where the finding was detected. |
Resources (Cloud) Mapping
| Attributes in Source File | Available Mapping Options in Tenable Exposure Management | Notes |
|---|---|---|
| Asset Attributes (Common) | Same as Device (Custom Attributes, Tags, Dates) | None |
| Asset Attributes (Cloud Resources Specific) | Assets > Asset Name | None |
| Assets > Cloud Provider | Maps the service provider (e.g., AWS, Azure, GCP). | |
| Assets > Cloud Resource Type | Maps the type of resource (e.g., S3 Bucket, Azure VM, GCP Instance). | |
| Assets > External Identifier | Maps a unique identifier, typically the ARN or equivalent ID from the cloud provider. | |
| Finding Attributes (Common) | Same as in Device (Common Finding Attributes) | None |
Code Repository Mapping
| Attributes in Source File | Available Mapping Options in Tenable Exposure Management | Notes |
|---|---|---|
| Asset Attributes (Common) | Same as Device (Custom Attributes, Tags, Dates) | None |
| Asset Attributes (Code Repository Specific) | Assets > Asset Name | None |
| Assets > Languages | None | |
| Assets > Last Commit Date | None | |
| Assets > Total Commits | None | |
| Assets > Contributors | None | |
| Assets > Owners | None | |
| Assets > Visibility | Maps code repository access: Private or Public. | |
| Assets > Asset Status | Maps code repository status: Active, Archived, or Deleted. | |
| Assets > Infrastructure Tools | Maps infrastructure: Terraform, CloudFormation, Kubernetes YAML, or ARM. | |
| Assets > Cloud Provider Name | Maps the service provider, for example, AWS, Azure, or GCP. | |
| Assets > Cloud Instance ID | Maps a unique identifier, typically the ARN or equivalent ID from the cloud provider. | |
| Finding Attributes (Common) | Same as in Device (Common Finding Attributes) | None |
| Finding Attributes (Code Repository Specific) | Findings > Finding Type | None |
| Findings > Finding Name | None | |
| Findings > Finding Category | Maps the finding type: SAST, SCA, License, or IaC. | |
| Findings > Vulnerability Published At | Maps the vulnerability publish date. | |
| Findings > Code Branch | None | |
| Findings > Code File Path | None | |
| Findings > Code Line Number | None | |
| Findings > Source Code Package Name | None | |
| Findings > Source Code Package Version | None | |
| Findings > Source Code Package Manager | None | |
| Findings > Score | Maps the vendor finding score. | |
| Findings > Solution | Maps the vendor recommendation for the fix. | |
| Findings > State | None | |
| Findings > Last Fixed At | None | |
| Findings > Proof | None | |
| Findings > Detection ID | None | |
| Findings > CVSS3 Base Vector | None | |
| Findings > Origin Finding URL | Maps the issue page or vendor URL. |