Configure Tenable Vulnerability Management

Before you begin:

  • Install the Tenable Plugin for JIRA.
  • In JIRA, you must have administrative access privileges.
  • In JIRA, identify or create the project where you want the plugin to create vulnerability issues.

Note: While configuring Tenable Vulnerability Management or Tenable Security Center for Jira, if you select Asset in the Group By drop-down, then for every vulnerability the integration creates a vulnerability issue and a blocking link to the related vulnerable host. The integration creates the linked issue under the vulnerable host issue.

For Tenable Vulnerability Management:

Required User Role: Basic User

Note: The Tenable for Jira integration works with a Basic User with Can View permissions on the assets it needs to export. For more information on Tenable Vulnerability Management permissions and user roles, refer to Permissions in the Tenable Developer Portal.

  • You must have your Tenable Vulnerability Management API keys.

    Note: For your Tenable Vulnerability Management integration:

    • Generate an API key in Tenable Vulnerability Management to complete the configuration. See the Tenable Vulnerability Management user guide for instructions on how to generate an API key. (Do not use this API key for any other third-party or custom-built application or integration. It must be unique for each installed instance of the integration.)

To configure Tenable Vulnerability Management:

  1. Log in to JIRA.
  2. Click > Add-ons.
  3. In the left navigation pane, click Tenable.io Configuration.

    The Tenable.io Configuration page appears.

  4. Use the following table to fill in the appropriate JIRA options.

    Option Name: Enabled
    Description: (Optional) When enabled, Tenable Vulnerability Management starts collecting data. When disabled, Tenable Vulnerability Management stops collecting data.
    Note: If you stop data collection, then start it again, Tenable Vulnerability Management provides data from the point where you previously stopped.
    Input: Checkbox

    Option Name: Address
    Description: The data collection source.
    Input: IP address or hostname

    Option Name: Access Key
    Description: Ensures user account authentication.
    Input: User access key

    Option Name: Secret Key
    Description: Ensures user account authentication.
    Input: User secret key

    Option Name: Sync Since
    Description: (Optional) Specifies the start date of the vulnerability data you want to collect from Tenable Vulnerability Management. If you do not specify a start date, data collection starts from the date you last enabled data collection.
    Caution: If this option is changed, you must click the Reset Add-on button to save this change.
    Input: Date (mm/dd/yyyy hh:mm)

    Option Name: Lowest Severity to Store
    Description: Specifies the lowest level of severity of the vulnerabilities you want to collect from Tenable Vulnerability Management.

    Tenable Vulnerability Management severity levels include the following:

    • info - The vulnerability has a CVSS score of 0.
    • low - The vulnerability has a CVSS score between 0.1 and 3.9.
    • medium - The vulnerability has a CVSS score between 4.0 and 6.9.
    • high - The vulnerability has a CVSS score between 7.0 and 9.9.
    • critical - The vulnerability has a CVSS score of 10.0.

    Input: Drop-down box

    Option Name: Interval
    Description: Specifies the interval, in minutes, at which JIRA queries Tenable Vulnerability Management for vulnerability data. This interval must be set between 60 and 1,440 minutes.
    Input: Minutes

    Option Name: Group By
    Description: Specifies the grouping mechanism to use when creating JIRA tickets.

    • Vulnerability - Grouped by vulnerability ticket.
    • Asset - Grouped by asset ticket.

    Note: This drop-down is only enabled if you choose a new project in the Default Project drop-down.
    Input: Drop-down box

    Option Name: Default Project
    Description: Specifies the project where JIRA creates new vulnerability issues.
    Caution: If you change this option after initial configuration, you must click Reset Add-On to save your change.
    Input: Drop-down box

    Option Name: Default User
    Description: Specifies the user to whom the plugin automatically assigns the vulnerability issues.
    Note: The list only displays users that are members of the following groups: jira-administrators, jira-software-users, jira-core-users, and jira-servicedesk-users.
    Input: Drop-down box

    Option Name: Default Reporter
    Description: Specifies the owner of all items in Jira created by the add-on.
    Note: The list only displays users that are members of the jira-administrators group.
    Input: Drop-down box

    Option Name: Enable Proxy
    Description: (Optional) Enables the plugin to collect Tenable Vulnerability Management data via a proxy server. If you select this option, the plugin prompts you to enter the following:

    • URL - (Required) The URL of the proxy server.
    • Username - (Optional) The username that JIRA uses to connect to the proxy server.
    • Password - (Optional) The password that JIRA uses to connect to the proxy server.

    Note: The username and password are optional if you use a proxy without authentication.
    Input: Checkbox and text boxes
  5. Click Save, or if you have changed the Default Project or Sync Since options, click Reset Add-on.
  6. Once the configuration is saved, the plugin creates custom fields in JIRA.
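
A pre-flight check for the option values described in step 4, added here as an example (it is not Tenable's code): it validates a planned configuration against the stated constraints and shows which CVSS scores the Lowest Severity to Store threshold keeps, using the severity bands as this page lists them. The dictionary keys, function names and sample values are hypothetical.

```python
from datetime import datetime

# Upper bound of each severity band, as listed on this page.
BANDS = [("info", 0.0), ("low", 3.9), ("medium", 6.9),
         ("high", 9.9), ("critical", 10.0)]
ORDER = [name for name, _ in BANDS]


def severity_for(cvss):
    """Map a CVSS score to the severity name used on this page."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    for name, upper in BANDS:
        if cvss <= upper:
            return name


def is_stored(cvss, lowest_severity):
    """True if a finding meets the 'Lowest Severity to Store' threshold."""
    return ORDER.index(severity_for(cvss)) >= ORDER.index(lowest_severity)


def check_settings(settings):
    """Return a list of problems in a planned configuration (empty = OK)."""
    problems = []
    if not 60 <= settings.get("interval", 0) <= 1440:
        problems.append("Interval must be between 60 and 1,440 minutes")
    if settings.get("lowest_severity") not in ORDER:
        problems.append("Lowest Severity to Store is not a listed level")
    sync_since = settings.get("sync_since")
    if sync_since:  # optional field
        try:
            datetime.strptime(sync_since, "%m/%d/%Y %H:%M")
        except ValueError:
            problems.append("Sync Since must be mm/dd/yyyy hh:mm")
    proxy = settings.get("proxy", {})
    if proxy.get("enabled") and not proxy.get("url"):
        problems.append("Enable Proxy is selected but no proxy URL is set")
    return problems


# Constructed sample: interval too short, ISO-style date, proxy without URL.
PLANNED = {"interval": 30, "lowest_severity": "critical",
           "sync_since": "2024-01-15 08:00",
           "proxy": {"enabled": True, "url": ""}}

if __name__ == "__main__":
    for problem in check_settings(PLANNED):
        print("config:", problem)
    for score in (0.0, 3.9, 7.0, 9.8, 10.0):
        print(score, severity_for(score), is_stored(score, "critical"))
```

With these bands a CVSS 9.8 finding is high, so selecting critical as the lowest severity stores only findings scored 10.0.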