Assets Configuration and Schedule Import

Note: Tenable for Assets only supports Tenable.sc versions 5.7 and later.

The asset integration allows ServiceNow to retrieve and accurately match Tenable assets to your existing CIs. Tenable for VR and ITSM both rely on this app for finding the correct asset related to vulnerabilities from Tenable.

Note: It is important that you completely set up and tune this integration to match Tenable Assets to ServiceNow CIs before moving on to Tenable for VR or Tenable for Assets.

To set up the asset integration configuration, you must:

  1. Log in to ServiceNow.
  2. Go to the Tenable Connector Application.
  3. In the left-hand menu, click Tenable Connector.

  4. In the sub-menu, click Connectors.

    The Tenable Connectors page appears.

  5. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

    The Tenable Connector page appears.

  6. In the Scheduled Jobs section, click New.

    The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector fields populate with the Tenable application/connector you selected in step 3.

  7. From the Tenable Application drop-down box, select Tenable for Assets.

    Tenable.io

    Tenable.sc

  8. From the Tenable Job Type drop-down box, select the appropriate job type.

  9. If you are in a domain-separated environment, in the Domain box, type the domain into which to bring connector data.

  10. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by default.
  11. In the Name text box, type a unique name for this scheduled job.

  12. Configure the options for your import.

    Option Description
    Last Update Pull

    Sets a date and time for the next pull.

    Note: The scheduled job sets this field as it runs.

    Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected.
    Order Prioritizes when the import should run. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.)
    Default Chunk Size The number of records pulled in segments during the import. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.)
    SC Query (Only for Tenable.sc) Select the vulnerability detail type query to use for the import.
    Configuration  
    Record Update Sync Frequency

    The frequency of pulling assets (in minutes). The default setting is once a day (1,440 minutes).

    Note: This option is hard-coded and can only change via the code.
  13. Click Submit.

Note: Ensure that you accurately configure the assets. Asset configuration is key in making the integration work properly. Errors in these configuration steps affect all future configurations.  

Be sure to review the ServiceNow upgrade instructions to ensure the IRE works in your environment.

Note: By default, Tenable data updates CI fields on each import. If you are using ServiceNow Paris or later, you can use reconciliation rules to control what asset data updates.

  1. Log in to ServiceNow.
  2. In the left panel, in the Filter navigator, type "CI Class Manager."
  3. Click CI Class Manager.

    The CI Class Manager page opens.

  4. Click Open Hierarchy.

    The CI Classes panel opens.

  5. In the CI Classes panel, click Hardware (2032).

    The Hardware page appears.

  6. In the Class Info section, click Identification Rule.

    The Identification Rule page appears.

  7. Clone or edit the Serial Number rule.

    The Edit Identifier Entry window appears.

  8. Click Advanced Options.
  9. In the Advanced Options section, deselect the Enforce exact count match check box.
  10. Click Save.

    You return to the Identification Rule page.

  11. Clone or edit the Network Adapter rule.

    The Edit Identifier Entry window appears.

  12. Repeat steps 8-10 for the Network Adapter rule.

What to do next:

Ensure IRE rule changes are applied on the next import and clean the correlation data.

The following background scripts are examples that you can run to clean direct correlations between Tenable data, the CMDB, and IRE data. When you change the IRE rules to improve the match with third-party data to your existing ServiceNow CIs, you must apply the updated rules and clean up old relationships.

//Asset Attributes cleanup x_tsirm_tio_cmdb_asset_attributes
var assetInfo = new GlideMultipleDelete('x_tsirm_tio_cmdb_asset_attributes');
assetInfo.execute();
// Cleanup source uniqueness This will force IRE matching
var assetSysSource = new GlideMultipleDelete(“sys_object_source”);
assetSysSource.addQuery(“name”, “STARTSWITH”, “Tenable”);
assetSysSource.execute();

Note: You must have a license from ServiceNow to import OT devices from Tenable.ot. Refer to the OT Subscription Unit Overview in the ServiceNow documentation and contact your ServiceNow account team for details.

Before you begin:

  1. Submit a request to ServiceNow support to install the com.snc.itom.license plugin on your production instance. This allows ServiceNow to report on your OT assets.
  2. Run the fix script included in Tenable assets to register Tenable.ot as an asset source with ServiceNow.

To run the fix script for OT devices in the ServiceNow user interface:

  1. In the Filter navigator, type Fix Scripts.
  2. In the left-side navigation pane, click Fix Scripts.

    The page populates with available fix scripts.

  3. In the search box, search by name for Add Tenable.ot to ITOM License.

  4. In the search results, click Add Tenable.ot to ITOM License.

  5. In the upper-right, click Run Fix Script.

    The fix script runs.

Note: Work with your ServiceNow administrator to perform the following tasks. Use the information provided in the following process as a guideline. Your administrator can help with tuning the export to achieve your desired results.

Note: To sync assets from ServiceNow to Tenable.sc, see Configure CI to SC Asset Group.

  1. Log in to ServiceNow.
  2. In the left-hand menu, click Tenable Connector.

  3. In the sub-menu, click Connectors.

    The Tenable Connectors page appears.

  4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

    The Tenable Connector page appears.

  5. In the Scheduled Jobs section, click New.

    The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector fields populate with the Tenable application/connector you selected in step 3.

  6. From the Tenable Application drop-down box, select Tenable for Assets.

  7. From the Tenable Job Type drop-down box, select the appropriate job type.

  8. If you are in a domain-separated environment, in the Domain box, type the domain into which to bring connector data.

  9. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by default.
  10. In the Name text box, type a name for the export.

  11. Configure the options for your export.

    Option Description
    Last Update Pull Sets a date and time for the next pull.
    Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected.
    Order The order that the import should run. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.)
    Default Chunk Size The number of records pulled in segments during the import. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.)
    Configuration  
    Record Update Sync Frequency

    The frequency of pulling assets (in minutes). The default setting is once a day (1,440 minutes).

    Note: This option is hard-coded and can only change via the code.
    Source table and Conditions

    Select source tables and use filter conditions to specify export information.
  1. Click Submit.

Verification

  1. Launch your Tenable user interface.

  2. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  3. In the left navigation plane, in the Asset View section, click Assets.

  4. Filter your assets by SourcecontainsServiceNow.

The ServiceNow option only shows up in the filter box if the integration was successful.

For more information on filtering assets, see View Assets in the Tenable.io documentation.