Configure the Tenable Connector

The Tenable Connector provides all API interactions between your Tenable applications (OT Security, Tenable Vulnerability Management, or Tenable Security Center) and ServiceNow instance.

Note: In ServiceNow, you must have the x_tsirm_api_access admin role to perform the basic connector setup process.

Note: The ServiceNow configuration only supports Tenable Security Center versions 5.7 and later.

Before you begin:

For Tenable Vulnerability Management:

Required User Role: Administrator or Scan Manager

  • You must have your Tenable Vulnerability Management API keys.

    Note: For your Tenable Vulnerability Management integration:

    • Generate an API key in Tenable Vulnerability Management to complete the configuration.  See the Tenable Vulnerability Management user guide for instructions on how to generate an API key. (Do not use this API key for any other third party or custom-built application or integration. A unique API key is a requirement for each installed instance of the integration.)

For Tenable Security Center:

Required User Role: Security Analyst

For OT Security:

Required User Role: Read Only

To configure the Tenable connector for Tenable Vulnerability Management, Tenable Security Center, or OT Security:

  1. Log in to ServiceNow.
  2. In the left navigation pane, click Tenable Connector > Connectors.

    The Tenable Connectors page appears.

  3. Click New.
  4. From the Tenable Product drop-down box, select Tenable.ot, Tenable.io, or Tenable Security Center.

  5. If you are in a domain-separated environment, in the Domain box, type the domain into which to bring connector data.

  6. Select the Active check box.
  7. In the Scheduled Job Run As box, type the username of the user with which you want to import data.

    Note: If you are in a domain-separated environment, this field is a requirement. The user must be part of the domain specified in step 5.

  8. In the Name text box, type a name for the connector.
  9. Complete the configurations for your selected Tenable application.

    Tip: To save your selected configuration options without navigating away from the page:

    1. Right click in the top menu that contains the Tenable Connector heading and menu.

      A list of options appears.

    1. Click Save.
  10. (Optional) In the General Settings section, you can specify your Max ECC Wait Time (in seconds) and Request Timeout (in seconds) for each of your configured connectors.
  11. In the Asset Settings section, you can set the Asset Logging Level, Asset Max Cumulative Log Entries, and Asset Max Cumulative Log Sizes. The default setting for the logging levels is Errors Only.
  12. In the Additional Asset Settings section, you can set New Record Sync Frequency (in minutes), Record Update Sync Frequency (in minutes), Asset Max Job Log (in days), and Asset Max Job Wait (in days).

Note: You may have more settings options on your connector page depending on the Tenable applications you have installed (For example, Service Graph Connector for Tenable for Assets [Assets Settings], OT Security for VR [VR Settings], and Tenable ITSM [ITSM Settings]).

Note: For more information about ServiceNow settings, see the ServiceNow documentation.

  1. Click Update.
  2. Click Test the Connector.

    Note: If the connector test fails, check your username, password, and API Keys and retest the connector.