Available Data Tenable Security Center

Tenable Security Center Asset Import Data Map

Logic for mapping Tenable Security Center Assets to ServiceNow Configuration Items.

Asset import sequence:

  1. ServiceNow queries Tenable Security Center for assets.

  2. Data is attached to ServiceNow Job Chunk.

  3. Data is transformed into a format useable for ServiceNow Identification and Reconciliation Engine (IRE).

  4. Data is submitted to IRE which creates CIs in CMDB.

Data Transformation in ServiceNow

For each Asset imported from Tenable Security Center into ServiceNow, multiple records are created.

Main CI

A main CI record (cmdb_ci_incomplete_ip, cmdb_ci_unclassed_hardware, or cmdb_ci_computer) is created for every Tenable Security Center Asset imported into ServiceNow.

ServiceNow Field Details (Tenable Security Center fields in bold) CMDB Class
Class

  • Incomplete IP Identified Device

    If ip is received from Tenable Security Center.

  • Unclassed Hardware

    If 1, plus dnsName or netbiosNames are received from Tenable Security Center.

  • Computer

    If 2, plus osCPE are received from Tenable Security Center.

 All classes
Name

  1. netbiosName

  2. fqdn

  3. dnsName

  4. ip

  5. macAddress

All classes
Description Information about how name was identified All classes
Discovery Source “SG-TenableForAssets” All classes
Tenable Asset Attributes Reference to Tio CMDB Asset Attributes table with Tenable Security Center specific fields Computer and Unclassed Hardware classes only
Mac Address macAddress Computer and Unclassed Hardware classes only
Operating System osCPE Computer class only
Name ip Incomplete IP class only
Network Partition Identifier repository_name Incomplete IP class only
Fully Qualified Domain Name dnsName Computer class

Child Network Adapter CIs

Related Network Adapter CI records (cmdb_ci_network_adapter) are NOT created for Tenable Security Center Assets since there is no network interface information pulled from Tenable.

Child IP Address CIs

Related IP Address CI records (cmdb_ci_ip_address) are created for each IP address associated with a Main CI.

ServiceNow field Details (Tenable Security Center fields in bold)
Class “IP Address”
Name

ip

IP Address

ip

IP Version “4”
Network Partition Identifier repository.name
Discovery Source “SG-TenableForAssets”

Tenable Asset Attributes Records

A Tenable Asset Attributes record (x_tsirm_tio_cmdb_asset_attributes) is created for every Main CI.

ServiceNow filed Details (Tenable Security Center fields in bold)
Hostname Main CI name
Connector Reference to connector record
SC Uniqueness

  1. uniqueness

  2. hostUniqueness

OS CPE osCPE
Repository Data Format repository.dataFormat
Sources “SC for” + Tenable App Name
Source Native Key

  1. uniqueness

  2. hostUniqueness

Attributes Raw JSON Data in ServiceNow format
Name Connector.Name ": " + SC Uniqueness
Related CI Reference to Main CI

CMDB Relationship Records

A CMDB Relationship record (cmdb_rel_ci) is created for every parent/child relationship between the Main CI and a Network Adapter CI or an IP Address CI.

ServiceNow field Details
Parent Reference to Main CI
Child Reference to Network Adapter or IP Address CI
Type “Owns::Owned by”

Discovery Source Records

A Discovery Source record (sys_object_source) is created for every new CI created in ServiceNow with information about the source and the unique identifier of the CI.

ServiceNow field Details
ID id
Last Scan Date/time of last Tenable Security Center import
Target Sys ID Reference to Main CI
Target Table Table of Main CI
Name “SG-TenableForAssets”
Source Feed “Tenable”

API Calls to Tenable Security Center

Request Analyst Results

Input: type, query, sortDir, sortField, sourceType, startOffset, endOffset

  • Example: {"type":"vuln","query":{"name":"","type":"vuln","tool":"sumip","description":"","context":"","groups":[],"startOffset":0,"endOffset":1500,"filters":[{"filterName":"repository","operator":"=","value":[{"id":"3","name":"Staged-Small","description":"","type":"Local","uuid":"5AEA0478-0F1A-4B02-87D6-1F6131443F9C"},{"id":"1","name":"Live","description":"","type":"Local","uuid":"504D0D4E-7A95-4AA8-BFC2-98009FE702E1"},{"id":"4","name":"Staged-Agents","description":"","type":"Local","uuid":"9F68370D-1EC9-4005-8555-23B1DF2FCF5B"}]},{"filterName":"lastSeen","operator":"=","id":"lastSeen","value":"1670364343-1670450742"}]},"sortField":"score","sortDir":"asc","sourceType":"cumulative"}

Output: Open link and review Example Response for possible asset values.