Configure the Tenable Connector

The Tenable Connector provides all API interactions between your ServiceNow instance and Tenable.io/Tenable.sc for the Tenable suite of ServiceNow applications.

Note: You must be logged in with a ServiceNow account that has the x_tsirm_api_access admin role to perform the basic connector setup process.

Note: The ServiceNow configuration only supports Tenable.sc versions 5.7 and later.

Before you begin:

For Tenable.io:

Required User Role:Administrator

  • You must have your Tenable.io API keys.

    Note: For your Tenable.io integration:

    • You must generate an API key in Tenable.io to complete the configuration.  See the Tenable.io user guide for instructions on how to generate an API key. (Do not use this API key for any other third party or custom built application or integration. It must be unique for each installed instance of the integration.)

For Tenable.sc:

Required User Role: Security Analyst role.

To configure the Tenable connector for Tenable.io or Tenable.sc:

  1. Log in to ServiceNow.
  2. In the left navigation pane, go to Configuration > Connectors.

    The Tenable Connectors page appears.

  3. Click New.
  4. From the Tenable Product drop-down box, select Tenable.io or Tenable.sc.

  5. Select the Active check box.
  6. In the Name text box, type a name for the connector.
  7. Complete the configurations for your selected Tenable application.

    Tip: To save your selected configuration options without navigating away from the page:

    1. Right click in the top menu that contains the Tenable Connector heading and menu.

      A list of options appear.

    1. Click Save.
  1. In the General Settings section, you can specify your Max ECC Wait Time (in seconds) and Request Timeout (in seconds) for each of your configured connectors.
  2. In the Asset Settings section, you can set the Asset Logging Level, Asset Max Cumulative Log Entries, and Asset Max Cumulative Log Sizes. The default setting for the logging levels is Errors Only.
  3. In the Additional Asset Settings section, you can select CI Classes to Ignore. Options are also available to set New Record Sync Frequency (in minutes), Record Update Sync Frequency (in minutes), Asset Max Job Log (in days), and Asset Max Job Wait (in days).

Note: You may have additional settings options on your connector page depending on the Tenable applications you have installed, i.e., Tenable Assets (Assets Settings), Tenable VR (VR Settings), and Tenable ITSM (ITSM Settings) .

Note: For additional information about ServiceNow settings, see the ServiceNow documentation.

  1. Click Test the Connector.
  2. (For Tenable.sc only) Click the Download Queries for Connector link. These queries are used when you schedule an import of asset or vulnerability data (VR/ITSM). They are used to identify the assets in Tenable.sc that you want to pull.
  3. Note: If the connector test fails, check your username, password, and API Keys and retest the connector.

  1. Click Update.

    The Tenable connector starts syncing ServiceNow configuration items to your selected Tenable application.

  1. (For Tenable.sc) In the Related Links section, click Download Queries for Connector.

    ServiceNow downloads the queries for the Tenable connector.