Security Hub

Using the Tenable Vulnerability Management to AWS Security Hub Transformer, Tenable Vulnerability Management can send vulnerabilities to AWS Security Hub. This tool consumes Tenable Vulnerability Management asset and vulnerability data, transforms that data into the AWS Security Hub Finding format, and then uploads the resulting data into AWS Security Hub.

Note: The script does not need to be run in AWS.
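The transformation step described above can be pictured with the following added example, which is not the Transformer's own code. It maps one vulnerability record to the required fields of the AWS Security Finding Format (ASFF). The input field names, the severity mapping, the Id and GeneratorId schemes, and all sample values are assumptions made for illustration.

```python
from datetime import datetime, timezone

# Tenable severity name -> ASFF Severity.Label (mapping assumed for this example).
SEVERITY_LABEL = {"info": "INFORMATIONAL", "low": "LOW", "medium": "MEDIUM",
                  "high": "HIGH", "critical": "CRITICAL"}


def iso_utc(ts):
    """Normalize an ISO-8601 timestamp to UTC in the form ASFF expects."""
    dt = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def to_asff(vuln, product_arn, account_id, region):
    """Map one vulnerability record (assumed shape) to an ASFF finding."""
    asset, plugin = vuln["asset"], vuln["plugin"]
    if vuln["severity"] not in SEVERITY_LABEL:
        raise ValueError(f"unknown severity: {vuln['severity']!r}")
    instance_id = asset["aws_ec2_instance_id"]
    return {
        "SchemaVersion": "2018-10-08",
        # Deterministic Id: re-sending the same vulnerability updates the finding.
        "Id": f"{region}/{instance_id}/{plugin['id']}",
        "ProductArn": product_arn,
        "GeneratorId": f"tenable-plugin-{plugin['id']}",
        "AwsAccountId": account_id,
        "Types": ["Software and Configuration Checks/Vulnerabilities/CVE"],
        "CreatedAt": iso_utc(vuln["first_found"]),
        "UpdatedAt": iso_utc(vuln["last_found"]),
        "Severity": {"Label": SEVERITY_LABEL[vuln["severity"]]},
        "Title": plugin["name"][:256],               # ASFF limit: 256 chars
        "Description": plugin["description"][:1024],  # ASFF limit: 1024 chars
        "Resources": [{"Type": "AwsEc2Instance", "Id":
                       f"arn:aws:ec2:{region}:{account_id}:instance/{instance_id}"}],
    }


def batches(findings, size=100):
    """Yield chunks no larger than the 100-finding limit of BatchImportFindings."""
    for i in range(0, len(findings), size):
        yield findings[i:i + size]


# Constructed sample record; all values are placeholders, not real export data.
SAMPLE = {"asset": {"aws_ec2_instance_id": "i-0123456789abcdef0"},
          "plugin": {"id": 12345, "name": "Example outdated package",
                     "description": "Constructed description. " * 60},
          "severity": "high", "first_found": "2024-01-05T10:15:30.000Z",
          "last_found": "2024-02-01T08:00:00+02:00"}
```

The `product_arn` argument is the ARN Security Hub shows for the enabled provider; each chunk from `batches()` would be passed as the `Findings` argument of the Security Hub `BatchImportFindings` API.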

The tool can be run either as a one-shot Docker container or as a command-line tool:

  • To run as a Docker image, you must build the image and then pass the necessary secrets on to the container.
  • To run as a command-line tool, you must install the required Python modules and then run the tool, supplying the required parameters either as environment variables or as run-time parameters.

Requirements

  • Tenable Vulnerability Management account
  • Tenable Vulnerability Management AWS connector enabled and configured
  • AWS Security Hub
  • Tenable Vulnerability Management Provider enabled and configured in Security Hub