VR Configuration and Schedule Import

Note: Tenable does not, currently, support Domain Separation in the Tenable for Vulnerability Response application.

This section describes how to configure Tenable for VR.

Note: The Tenable for Vulnerability Response application only supports Tenable.sc versions 5.7 and later.

The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.

Before you begin:

  • In ServiceNow, you must have an account that has the x_tsirm_tio_vr.admin role complete the setup.

  • Configure the Tenable Connector

    Note: You must completely configure and tune Tenable for Assets to correctly match Tenable Assets with ServiceNow CIs. If you do not do this first, you will have issues with VR.

  1. Log in to ServiceNow.
  2. Go to the Tenable Connector Application.
  1. In the left navigation panel, click Connectors.

  2. Click the Tenable connector you want to use: Tenable.io or Tenable.sc.

    The Tenable Connector page appears.

  3. Scroll to the Scheduled Jobs section.

  4. Click New.

    The Tenable Scheduled Import page appears.

    By default, the Tenable Product and Connector fields populate with the Tenable application and connector you selected in step 3.

  5. From the Tenable Application drop-down box, select Tenable for VR.

    Tenable.io

    Tenable.sc

  1. In the Name text box, type a name for the VR.

  2. Configure the options for your import.

    Option Description
    Initial Run Historical Data

    Specifies how far back (in days) to import when run for the first time. For example, if Within 30 days is selected, vulnerabilities that were observed 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable only requests as many days as needed to catch up with Tenable.io or Tenable.sc.
    Run Fixed Query on Initial Run

    Pulls fixed vulnerabilities from the past on the first import. This allows for more complete reporting in ServiceNow for prior fixed vulnerabilities. Default setting: deselected.
    Last Run -Opened/Reopened The date and time that the open/reopened import was last run.
    Last run - Fixed The date and time that the fixed import was last run.
    Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected.
    Default Chunk Size The number of records pulled in segments during the import. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.) (For Tenable.io, you should not change this unless Tenable advises you to do so.)
    Included Severities (Only for Tenable.io) Select the severity levels to import. If not specified, all severity levels are imported.
    Included Plugin Family Names (Only for Tenable.io) Select plugin family names to include in the import. If not specified, all families are imported.
    SC Query (Only for Tenable.sc) The Tenable.sc query used for the import or export.
    Schedule

    Run

    The frequency with which you want the import to run.
    Time The set time (hh/mm/ss) to run the import.
  3. In the Access Key text box, type the access key provided by your Tenable administrator.
  4. In the Secret Key text box, type the secret key provided by your Tenable administrator.
  5. Click Update.

    By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.

Third Party Vulnerabilities

To view third party vulnerabilities:

  • Navigate to Vulnerability > Libraries > Third Party.

    Vulnerabilities that include TEN- were imported from Tenable.io or Tenable.sc. Click a vulnerability to view the details.

    Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the import.

Vulnerability Items (Linked Vulnerability and Configuration Items)

To view vulnerability items:

  • Navigate to Vulnerabilities > Vulnerable Items.

    Vulnerabilities that include TEN- were imported from Tenable.io and Tenable.sc. Click a vulnerability to view the details.

    Note: If a vulnerability item is closed, the text boxes are disabled. In the Notes section, you can view information about why the item is closed.