Available Data Tenable Security Center
Tenable Security Center Asset Import Data Map
Logic for mapping Tenable Security Center Assets to ServiceNow Configuration Items.
Asset import sequence:
- ServiceNow queries Tenable Security Center for assets.
-
Data is attached to ServiceNow Job Chunk.
-
Data is transformed into a format useable for ServiceNow Identification and Reconciliation Engine (IRE).
- Data is submitted to IRE which creates CIs in CMDB.
Data Transformation in ServiceNow
For each Asset imported from Tenable Security Center into ServiceNow, multiple records are created.
Main CI
A main CI record (cmdb_ci_incomplete_ip, cmdb_ci_unclassed_hardware, or cmdb_ci_computer) is created for every Tenable Security Center Asset imported into ServiceNow.
ServiceNow Field | Details (Tenable Security Center fields in bold) | CMDB Class |
---|---|---|
Class |
|
All classes |
Name |
|
All classes |
Description | Information about how name was identified | All classes |
Discovery Source | “SG-TenableForAssets” | All classes |
Tenable Asset Attributes | Reference to Tio CMDB Asset Attributes table with Tenable Security Center specific fields | Computer and Unclassed Hardware classes only |
Mac Address | macAddress | Computer and Unclassed Hardware classes only |
Operating System | osCPE | Computer class only |
Name | ip | Incomplete IP class only |
Network Partition Identifier | repository_name | Incomplete IP class only |
Fully Qualified Domain Name | dnsName | Computer class |
Child Network Adapter CIs
Related Network Adapter CI records (cmdb_ci_network_adapter) are NOT created for Tenable Security Center Assets since there is no network interface information pulled from Tenable.
Child IP Address CIs
Related IP Address CI records (cmdb_ci_ip_address) are created for each IP address associated with a Main CI.
ServiceNow field | Details (Tenable Security Center fields in bold) |
---|---|
Class | “IP Address” |
Name |
ip |
IP Address |
ip |
IP Version | “4” |
Network Partition Identifier | repository.name |
Discovery Source | “SG-TenableForAssets” |
Tenable Asset Attributes Records
A Tenable Asset Attributes record (x_tsirm_tio_cmdb_asset_attributes) is created for every Main CI.
ServiceNow filed | Details (Tenable Security Center fields in bold) |
---|---|
Hostname | Main CI name |
Connector | Reference to connector record |
SC Uniqueness |
|
OS CPE | osCPE |
Repository Data Format | repository.dataFormat |
Sources | “SC for” + Tenable App Name |
Source Native Key |
|
Attributes | Raw JSON Data in ServiceNow format |
Name | Connector.Name ": " + SC Uniqueness |
Related CI | Reference to Main CI |
CMDB Relationship Records
A CMDB Relationship record (cmdb_rel_ci) is created for every parent/child relationship between the Main CI and a Network Adapter CI or an IP Address CI.
ServiceNow field | Details |
---|---|
Parent | Reference to Main CI |
Child | Reference to Network Adapter or IP Address CI |
Type | “Owns::Owned by” |
Discovery Source Records
A Discovery Source record (sys_object_source) is created for every new CI created in ServiceNow with information about the source and the unique identifier of the CI.
ServiceNow field | Details |
---|---|
ID | id |
Last Scan | Date/time of last Tenable Security Center import |
Target Sys ID | Reference to Main CI |
Target Table | Table of Main CI |
Name | “SG-TenableForAssets” |
Source Feed | “Tenable” |
API Calls to Tenable Security Center
Input: type, query, sortDir, sortField, sourceType, startOffset, endOffset
-
Example: {"type":"vuln","query":{"name":"","type":"vuln","tool":"sumip","description":"","context":"","groups":[],"startOffset":0,"endOffset":1500,"filters":[{"filterName":"repository","operator":"=","value":[{"id":"3","name":"Staged-Small","description":"","type":"Local","uuid":"5AEA0478-0F1A-4B02-87D6-1F6131443F9C"},{"id":"1","name":"Live","description":"","type":"Local","uuid":"504D0D4E-7A95-4AA8-BFC2-98009FE702E1"},{"id":"4","name":"Staged-Agents","description":"","type":"Local","uuid":"9F68370D-1EC9-4005-8555-23B1DF2FCF5B"}]},{"filterName":"lastSeen","operator":"=","id":"lastSeen","value":"1670364343-1670450742"}]},"sortField":"score","sortDir":"asc","sourceType":"cumulative"}
Output: Open link and review Example Response for possible asset values.