VR Integration Configuration

Note:Tenable does not support Domain Separation because it requires data management at the individual domain level of a multi-level domain. Domain Separation is a specialty product for ServiceNow and the Tenable app suite features a single un-layered domain for the average enterprise implementation.

This document describes how to configure Tenable for VR for the following Tenable platforms:

Note: The ServiceNow configuration only supports Tenable.sc versions 5.7 and later.

The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.io.

Before you begin:

You must be logged in with a ServiceNow account that has the x_tsirm_tio_vr.admin role to perform the setup process.

To setup the Tenable for VR integration configuration, you must:

Configure the ServiceNow and Tenable.io VR Connector

  1. Log in to ServiceNow.
  2. Navigate to Tenable for VR > Configuration > Connectors.

  3. Delete the Default Tenable.io Connector.

    Note: Tenable does not recommend using the default connector because it uses predefined ServiceNow sysids that can be overwritten during the upgrade process.

  4. Click New.

    The Tenable Connector page appears.

  5. From the Tenable Product drop-down menu, select Tenable.io.
  6. Select the Active check box.
  7. In the Name text box, type a name that describes your enterprise environment.
  8. In the Access Key text box, type the access key provided by your Tenable administrator.
  9. In the Secret Key text box, type the secret key provided by your Tenable administrator.
  10. Click Update.

    By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.

Schedule an Import

When the connection is configured, the Open/Reopened and Fixed import jobs start. The Fixed import job waits for the Open/Reopened import job to finish to ensure vulnerabilities are set properly.

Note: If the Fixed chunks have no records, the Fixed import job is automatically marked complete.

To create a new import job:

  1. In ServiceNow, navigate to Tenable for VR > Configuration > Scheduled Imports.
  2. At the top of the page, click New.

    The New Record page appears.

  3. In the Import Name text box, type a name for the import.
  4. Select the Active check box.

  5. In the Initial Run - Historical Data text box, specify how far back (in days) to import when this scheduled import runs for the first time. For example, if Within 30 days is selected, vulnerabilities that were observed 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable for Security Operations only requests as many days as needed to catch up with Tenable.io.

  6. In the Connector text box, type or search for the connector for the import.

  7. In the Schedule section, from the Run drop-down box, select the frequency with which you want the import to run.

  8. In the Schedule section, in the Time text box, type the time at which you want the import to run.
  9. Click Submit.

  10. (Optional) To immediately run the import:

    1. Navigate to Tenable for ITSM > Configuration > Scheduled Imports.
    2. Visit the newly scheduled import and click Execute Now.

Once the vulnerability import is complete, the following items appear in ServiceNow:

Third Party Vulnerabilities

To view third party vulnerabilities:

  • Navigate to Vulnerability > Libraries > Third Party.

    Vulnerabilities that include TEN- were imported from Tenable.io. Click a vulnerability to view the details.

    Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the import.

Configuration Items (Assets from Tenable.io)

To view configuration items:

  • Navigate to Tenable for Assets > All Synchronized Items and Tenable for Assets > Assets Pending Approval.

Vulnerability Items (Linked Vulnerability and Configuration Items)

To view vulnerability items:

  • Navigate to Vulnerability > Vulnerabilities > Vulnerable Items.

    Vulnerabilities that include TEN- were imported from Tenable.io. Click a vulnerability to view the details.

    Note: If a vulnerability item is closed, the text boxes are disabled. In the Notes section, you can view information about why the item is closed.

The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.sc.

Before you begin:

To setup the Tenable for VR integration configuration, you must:

Configure the ServiceNow and Tenable.io VR Connector

  1. Log in to ServiceNow.
  2. Navigate to Tenable for VR > Configuration > Connectors.

  3. Delete the Default Tenable.sc Connector.

    Note: Tenable does not recommend using the default connector because it uses predefined ServiceNow sysids that can be overwritten during the upgrade process.

  4. Click New.

    The Tenable Connector page appears.

  5. From the Tenable Product drop-down menu, select Tenable.sc.
  6. Select the Active check box.
  7. In the Name text box, type a name that describes your enterprise environment.
  8. Next to the Address text box, click the lock button..
  9. In the Address text box, type an IP address or DNS name for the connector.
  10. Click the lock button a second time to lock the address.
  11. In the API Username text box, type the value associated with your Tenable.sc instance.
  12. Click Update.

    By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.sc.

Schedule an Import

When the connection is configured, the Open/Reopened and Fixed import jobs start. The Fixed import job waits for the Open/Reopened import job to finish to ensure vulnerabilities are set properly.

Note: If the Fixed chunks don't have records, the Fixed import job is automatically marked complete.

To create a new import job:

  1. In ServiceNow, navigate to Tenable for VR > Configuration > Scheduled Imports.
  2. At the top of the page, click New.

    The New Record page appears.

  3. In the Import Name text box, type a name for the import.
  4. Select the Active check box.

  5. In the Initial Run - Historical Data text box, specify how far back (in days) to import when this scheduled import runs for the first time. For example, if Within 30 days is selected, vulnerabilities that were observed 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable for Security Operations only requests as many days as needed to catch up with Tenable.sc.

  6. In the Connector text box, type or search for the connector for the import.

  7. In the Schedule section, from the Run drop-down box, select the frequency with which you want the import to run.

  8. In the Schedule section, in the Time text box, type the time at which you want the import to run.
  9. Click Submit.

  10. (Optional) To immediately run the import:

    1. Navigate to Tenable for ITSM > Configuration > Scheduled Imports.
    2. Visit the newly scheduled import and click Execute Now.

Once the vulnerability import is complete, the following items appear in ServiceNow:

Third Party Vulnerabilities

To view third party vulnerabilities:

  • Navigate to Vulnerability > Libraries > Third Party.

    Vulnerabilities that include TEN- were imported from Tenable.sc. Click a vulnerability to view the details.

    Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the import.

Configuration Items (Assets from Tenable.sc)

To view configuration items:

  • Navigate to Tenable for Assets > All Synchronized Items and Tenable for Assets > Assets Pending Approval.

Vulnerability Items (Linked Vulnerability and Configuration Items)

To view vulnerability items:

  • Navigate to Vulnerability > Vulnerabilities > Vulnerable Items.

    Vulnerabilities that include TEN- were imported from Tenable.io. Click a vulnerability to view the details.

    Note: If a vulnerability item is closed, the text boxes are disabled. In the Notes section, you can view information about why the item is closed.

Tip: In the Vulnerability Items section, use the Rescan button to rescan a vulnerability at any time.