Configure the Tenable Vulnerability Management Data Collector App

You can configure the Microsoft Azure Sentinel data collector to allow you to bring in Tenable Vulnerability Management assets and vulnerabilities into Sentinel for better risk management. This integration uses the Microsoft Azure Sentinel data collector framework and Azure functions to collect and insert data into Sentinel.

Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM), and security orchestration automated response (SOAR) solution. For more information about Microsoft Sentinel, see the Microsoft documentation.

Required User Role: Basic User

Note: The Tenable integration with Microsoft Azure Sentinel works with a Basic User if that user is assigned Can View permissions on the assets they are to export, along with Can Use permissions on tags the assets are assigned. Without the Can Use tag permissions, the assets return undefined or the integration fails to export vulnerabilities if a tag filter is used. For more information on Tenable Vulnerability Management permissions and user roles, refer to Permissions in the Tenable Developer Portal.

Before you begin:

Note: The Microsoft Azure Sentinel integration does not export fixed vulnerabilities.

  1. In your newly created Tenable App, click Tenable.io Vulnerability Management (using Azure Function) in the content list.

  2. Select the name of the connector and in the bottom-right corner, click Open connector page.

  3. Deploy the ARM template by clicking Deploy to Azure.

  4. Select the Resource Group and populate the remaining four fields.

    Note: The Tenable export schedule is set for every 24 hours (1440 minutes) by default. This can be adjusted to suit the requirements needed to gather asset and vulnerability data in a timely manner.

  5. Once all fields have been populated, click Review + create.

  6. The fields are finalized. Click Create.

  1. Once the deployment has been completed, click Go to Resource Group to see the resources that have been created.

  2. The app populates the following resources:

    Note: The app may take up to ten minutes to populate the resources.

  3. In the Function App, verify that you can see the listed functions: