Install the Tenable App for Microsoft Sentinel

Required User Role: Basic User
Note: The Tenable integration with Microsoft Sentinel works with a Basic User if that user is assigned Can View permissions on the assets they are to export, along with Can Use permissions on tags the assets are assigned. Without the Can Use tag permissions, the assets return undefined or the integration fails to export vulnerabilities if a tag filter is used. For more information on Tenable Vulnerability Management permissions and user roles, refer to Permissions in the Tenable Developer Portal.

The Tenable App for Microsoft Sentinel combines Tenable's Cyber Exposure insights with Sentinel's collection, detection, and investigation capabilities. This integration supports Tenable Vulnerability Management and exports asset and vulnerability data from Tenable Vulnerability Management directly to Microsoft Sentinel.

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM), and security orchestration automated response (SOAR) solution. For more information about Microsoft Sentinel, see the Microsoft documentation.

Before you begin:

  • You must have a Logs Analytics Workspace with Microsoft Sentinel enabled in your Azure subscription.
  • For assistance with launching Microsoft Sentinel, see the Microsoft Sentinel quick start guide.
  • Resource Group (This requires Microsoft Sentinel Contributor Role at Subscription Level.)

Caution:Tenable recommends you deploy the latest version of the Tenable App (v3.1.0) in a new Microsoft Sentinel workspace rather than upgrading the existing one. Version 3.1.0 supports the Log Ingestion API, which requires the use of Data Collection Rules (DCR) and Data Collection Endpoints (DCE). Since table names are tied to specific DCRs, the tables used in the previous app version cannot be reused.

What to do next (do one of the following):