VR Configuration and Schedule Import

This section describes how to configure Tenable for VR.

Note: The Tenable for Vulnerability Response application only supports Tenable.sc versions 5.7 and later.

The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.

Note: Tenable VR apps only pull/download queries from Tenable.sc integrations that are using Vulnerability Detail List as the query builder tool. For more information on Tenable.sc queries, see Queries in the Tenable.sc documentation.

Before you begin:

  • In ServiceNow, you must have an account that has the x_tsirm_tio_vr.admin role to complete the setup.

  • Configure the Tenable Connector

    Note: Completely configure and tune Tenable for Assets to match Tenable Assets with ServiceNow CIs. If you do not do this first, issues may occur with VR.

  1. Log in to ServiceNow.
  2. In the left-hand menu, click Tenable Connector.

  3. In the sub-menu, click Connectors.

    The Tenable Connectors page appears.

  4. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

    The Tenable Connector page appears.

  5. In the Scheduled Jobs section, click New.

    The Tenable Scheduled Import page appears. By default, the Tenable Product and Connector fields populate with the Tenable application/connector you selected in step 3.

  6. From the Tenable Application drop-down box, select Tenable for VR.

    Tenable.io

    Tenable.sc

  7. From the Tenable Job Type drop-down box, select the appropriate job type.

  8. If you are in a domain-separated environment, in the Domain box, type the domain into which to bring connector data.

  9. (For Tenable.io) From the Import Export drop-down box, select Import. Import is selected by default.
  10. In the Name text box, type a name for the VR.

  11. Configure the options for your import.

    Option Description
    Initial Run Historical Data

    Specifies how far back (in days) to import when run for the first time. For example, if you select the Within 30 days option, observed vulnerabilities within 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable only requests as many days as needed to catch up with Tenable.io or Tenable.sc.
    Run Fixed Query on Initial Run

    Pulls fixed vulnerabilities from the past on the first import. This allows for more complete reporting in ServiceNow for prior fixed vulnerabilities. Default setting: deselected.
    Last Run -Opened/Reopened The date and time that the Open/Reopened import was last run.
    Last run - Fixed The date and time that the fixed import was last run.
    Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected.
    Default Chunk Size The number of records pulled in segments during the import. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.) (For Tenable.io, you should not change this unless Tenable advises you to do so.)
    Included Severities (Only for Tenable.io) Select the severity levels to import. If not specified, all severity levels are imported.
    Included Plugin Family Names (Only for Tenable.io) Select plugin family names to include in the import. If not specified, all families are imported.
    SC Query (Only for Tenable.sc) The Tenable.sc query used for the import or export.
    Schedule

    Run

    The frequency with which you want the import to run.
    Time The set time (hh/mm/ss) to run the import.
  12. In the Access Key text box, type the access key provided by your Tenable administrator.
  13. In the Secret Key text box, type the secret key provided by your Tenable administrator.
  14. Click Update.

    By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.

Third-Party Vulnerabilities

To view third-party vulnerabilities:

  • Navigate to Vulnerable Items > Libraries > Third Party.

    Vulnerabilities that include TEN- were imported from Tenable.io or Tenable.sc. Click a vulnerability to view the details.

    Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the import.

Vulnerability Items (Linked Vulnerability and Configuration Items)

To view vulnerability items:

  • Navigate to Vulnerabilities > Vulnerable Items.

    Vulnerabilities that include TEN- were imported from Tenable.io and Tenable.sc. Click a vulnerability to view the details.

    Note: Text boxes are disabled for closed vulnerability items. In the Notes section, you can view information about why the item is closed.