Tenable One Open Connector

The following is not supported in Tenable FedRAMP Moderate environments. For more information, see the Tenable FedRAMP Product Offering.

About the Tenable One Open Connector

The Tenable One Open Connector enables you to ingest asset and vulnerability data from third-party sources into the Tenable Exposure Management platform through a streamlined flat file upload interface. This self-service connector acts as a normalization layer, transforming raw data into a unified format that aligns with Tenable's asset and finding models.

Unlike predefined connectors, the Tenable One Open Connector gives you control over field mapping, deduplication logic, and data categorization.

Usage and Supported Files

Use the Tenable One Open Connector when you need to:

  • Upload external data for proof-of-concept evaluations.

  • Import penetration test findings from third-party reports.

  • Ingest data from security vendors that do not yet have a native connector in TenableTenable Exposure Management.

The Tenable One Open Connector supports the following file formats and data types:

  • File types: CSV, Excel (.xlsx), or ZIP (must contain only one file)

  • Maximum file size: 2 GB

  • Supported asset types:

    • Devices

    • Containers

    • Resources (Cloud)

    • Web Applications

The following steps allow you to configure this connector for use with Tenable Exposure Management from start to finish.

Add a Connector

To add a new connector:

  1. In the left navigation menu, click Connectors.

    The Connectors page appears.

  2. In the upper-right corner, click Add new connector.

    The Connector Library page appears.

  3. In the search box, type the name of the connector (i.e.,Open Connector). Alternatively, locate the connector in the Custom section.

  4. On the Tenable One Open Connector tile, click Connect.

    The connector configuration options appear.

Configure the Connector

To set up the connector:

  1. On the Connector details page, modify the Connector Name and Description to reflect the nature of the uploaded data.

  2. In the Data pulling configuration section, click Upload and Map File.

    A file explorer window appears.

  3. Browse to and select a supported file format (CSV, Excel, or ZIP containing a single file).

    Once the upload is complete, a data preview appears.

  4. (Optional) To replace the file, click Replace file and upload a new one. You can only upload one file at a time.

    Note: The system does not support delta uploads. Each new file fully replaces the previous one.

    Tip: To learn more about how file replacement works, see Upload a New File.

  5. On the preview page, click the Asset Type drop-down.

  6. From the drop-down menu, select the relevant asset type:

    • Devices

    • Containers

    • Web Applications

    • Resources (Cloud)

  7. Click Next.

    Note: This selection defines the tenable mapping attributes available in the next step.

    The mapping page appears.

  8. Define how the connector interprets and aligns your source data with Tenable Exposure Management standardized data model:

    Note: This mapping process ensures that the asset and vulnerability data you import is normalized and usable within the Tenable Exposure Management platform.

    1. Review the auto-suggested mappings and consider to manually adjust the mapping as needed. You must map the mandatory fields (like Asset Name or Finding ID) to continue.

    2. (Optional) Use the + button to add new mappings.

      TIP: To learn about the expected behavior and logic rules of how source file columns are mapped to Tenable Exposure Management, see Tenable One Open Connector Mapping .

    3. Click Save and continue.

      The Data Aggregation and Uniqueness page appears.

      Note: Tenable One Open Connector allows you to define custom uniqueness criteria. You can tailor the Data Aggregation and Uniqueness settings to ensure Tenable Exposure Management correctly identifies your specific assets and findings as new records or updates.

  9. On the Data Aggregation and Uniqueness page, fill in the answers for the required questions:

    Question Description
    Which field(s) uniquely identify a single asset?

    Define what constitutes a unique device or resource in your file (e.g., using Asset ID alone, or a composite key like Asset Name + IP Address). This ensures that multiple rows referencing the same device are consolidated into one single asset record for de-duplication.
    Which field(s) uniquely define a weakness?

    Define which fields determines a unique security issue (the 'vulnerability'). This ensures a correct aggregation of all instances of that weakness across your entire asset inventory.

    Which field(s) uniquely define a finding?

    A finding is the combination of a unique asset and a unique weakness, plus any extra context. This key defines the single instance of a detection (e.g., CVE-123 on Server-A, Port 80).This field is automatically pre-populated with the unique key fields selected in Question 1 (Asset) and Question 2 (Weakness). You can then add fields like Port or Protocol to make the Finding more granular. If you want to change the foundational keys, you must change your answers to Question 1 or 2 first.
    Which Tenable Exposure Category best describes the data in this file?

    Tenable Exposure Management

    calculates the Asset Exposure Score (AES) using specialized risk models designed for Vulnerability Management (VM), Cloud Security Posture (CSP), Web Applications or Operational Technologies (OT). By selecting the category that best fits your file's data, you ensure your risk is calculated accurately according to the platform's established scoring methodology.

    Note: If your data does not align with one of the available categories, the system will not be able to calculate the specific AES for those assets.

  1. Click Save.

    The main setup page appears.

  2. In the Asset Retention text box, type the number of days after which you want assets to be removed from Tenable Exposure Management. The default is 460 days. Exposure Management determines the removal date based on the data available in your uploaded file.

    Tip: To learn more, see How does Asset Retention work in Tenable One Open Connector?

  3. Click Create & Sync .

    The data begins syncing, and the platform reflects the changes after processing completes.

Upload a New File

Once a file has been uploaded and processed in the Tenable One Open Connector, you can replace it by uploading a new file. This section explains how Tenable Exposure Management handles this override, how to update your field mappings, and how uniqueness logic is applied during subsequent uploads.

Important! The new file fully replaces the old one. Only one file can exist at a time.

To replace a file:

  1. Click the connector name.

    The previously uploaded file appears in the Data Pulling Configuration section, along with the connector name, description, and retention settings.

  2. Click Upload new file.

    Important! The asset type selected in the initial setup (for example, Devices, Web Applications) is locked. If your new file contains a different asset type, you must create a new connector instance.

    The Map Attributes page opens. Tenable Exposure Management compares the new file structure with the previous one and responds accordingly.

    The table below describes the expected behavior for various source file states and the actions required to update your data mapping.

    Source File State Expected Behavior Action Required
    No structural change to the file

    Tenable Exposure Management displays the previous mapping automatically.

    		You can review the mapping modify if needed.
    New columns added

    Tenable Exposure Management displays the new columns in the New column section.

    		Map the new columns as needed or leave them unmapped.

    Columns missing from new file

    (The new file does not include columns that existed in the original file.)

    Non-mandatory columns (not used in uniqueness logic) — These columns are highlighted in blue. If you proceed with the configuration without mapping the columns, Tenable Exposure Management silently removes them from the saved mapping.

    Note: Previously ingested data from these missing columns is discarded during the next sync. Tenable Exposure Management does not retain or backfill data from the old file.

     

    None
    Mandatory columns (columns used in uniqueness criteria) — These columns are highlighted in red and block the flow. These fields were previously defined for Data Aggregation and Uniqueness and are essential for maintaining asset uniqueness and preventing data duplication, ensuring smooth and consistent processing in Tenable Exposure Management.

    To proceed with the configuration and enable the Next button, you must remap the mandatory columns using available columns from the newly uploaded file.

    Tip: This ensures that the deduplication and merging logic remains consistent and valid even after a structure change.

  1. Once you map the required columns, the Data Aggregation and Uniqueness page appears. Confirm the uniqueness logic, noting the following:

    • If new columns have replaced previously used unique identifiers, you must define how the new combination uniquely identifies assets and/or findings.

    • If the uniqueness logic changes in the re-upload, the new uniqueness criteria is used from the current upload forward. Previously processed data remains unchanged. Exposure Management does not retroactively reprocess past uploads.

  1. Once you confirm the mapping and uniqueness, review the Exposure Category and update if necessary.

  2. Click Update & Sync.

    Tenable Exposure Management syncs the new data. Once processing is complete, the changes appear in the user interface.

  3. (Optional) On the main connector setup page, view the connector logs to review any changes.

    Note: The Connector Logs becomes available. The log appears only after a second upload is complete to help you review changes. To learn more, see Tenable One Open Connector Logs.

Remap a File

The Remap Columns option lets you revise mappings without changing the file.

  1. Click the connector name.

    The previously uploaded file appears in the Data Pulling Configuration section, along with the connector name, description, and retention settings.

  2. Click Remap columns.

    The Mapping page opens.

  3. Take the following actions as needed:

    • Update mappings: Adjust your mappings to align with any changes in the file structure or data format.

    • Map mandatory fields: Ensure all mandatory fields (highlighted) are mapped. You cannot save the configuration until these fields are mapped.

    • Update uniqueness criteria: Modify the uniqueness criteria if your requirements have changed. Tenable Exposure Management prompts you to confirm these new criteria on the next screen.

  4. Click Update & Sync.

    The sync process begins.

Expected Post-Sync Behavior

  • Your updated data is processed and displayed in Tenable Exposure Management.

  • Previously stored values from removed non-mandatory fields are discarded and no longer visible.

  • Previously defined uniqueness criteria are replaced with your new configuration and applied only to the new data going forward.

  • The remap flow does not retroactively affect data already ingested using prior uniqueness logic. Only new uploads follow the updated criteria.

Support Limitations and Expected Behavior

This section outlines any irregularities, expected behaviors, or limitations related to integration of the connector and Exposure Management. It also highlights details about ingested and non-ingested data to clarify data handling and functionality within this integration.

  • API-based integrations are not supported in this version. Data ingestion is currently limited to file uploads.

  • Only English-language column names and values are supported. Files containing other languages are not mapped.

  • Identity Exposure category is not supported at this time.

  • Only one file can be active at a time. Uploading a new file replaces the existing dataset.

Tenable One Open Connector Data in Tenable Exposure Management

Locate Connector Assets in Tenable Exposure Management

As the connector discovers assets, Tenable Exposure Management ingests those devices for reporting.

To view assets by connector:

  1. In Tenable Exposure Management, navigate to the Assets page.

  2. In the Filters section, under Custom, click the connector name for which you want to view assets.

    The asset list updates to show only assets from the selected connector.

  3. Click on any asset to view Asset Details.

Locate Connector Weaknesses in Tenable Exposure Management

As the connector discovers weaknesses, Tenable Exposure Management ingests those weaknesses for reporting.

To view weaknesses by connector: 

  1. In Tenable Exposure Management, navigate to the Weaknesses page.

  2. In the Filters section, under Custom, click the connector name for which you want to view weaknesses.

    The weaknesses list updates to show only weaknesses from the selected connector.

  3. Click on any weakness to view Weakness Details.

Locate Connector Findings in Tenable Exposure Management

As the connector discovers individual findings, Tenable Exposure Management ingests those findings for reporting.

To view findings by connector:

  1. In Tenable Exposure Management, navigate to the Findings page.

  2. In the Filters section, under Custom, click the connector name for which you want to view findings

    The findings list updates to show only assets from the selected connector.

  3. Click on any asset to view Finding Details.

Read More: