VR Configuration and Schedule Import
Note:Tenable does not, currently, support Domain Separation in the Tenable for Vulnerability Response application.
This document describes how to configure Tenable for VR.
Note: The Tenable for Vulnerability Response application only supports Tenable.sc versions 5.7 and later.
The VR integration configuration allows ServiceNow to poll and retrieve vulnerability data from Tenable.
Before you begin:
- You must be logged in with a ServiceNow account that has the x_tsirm_tio_vr.admin role to perform the setup process.
Note: You must completely configure and tune Tenable for Assets to correctly match Tenable Assets with ServiceNow CIs. If you do not do this first, you will have issues with VR.
- Log in to ServiceNow.
- Go to the Tenable Connector Applicaton.
- In the left navigation panel, click Connectors.
Click the Tenable connector you want to use: Tenable.io or Tenable.sc.
The Tenable Connector page appears.
- Scroll to the Scheduled Jobs section.
The Tenable Scheduled Import page appears.
By default, the Tenable Product and Connector fields populate with the Tenable application and connector you selected in step 3.
From the Tenable Application drop-down box, select Tenable for VR.
- In the Name text box, type a name for the VR.
Configure the options for your import.
Option Description Initial Run Historical Data
Specifies how far back (in days) to import when run for the first time. For example, if Within 30 days is selected, vulnerabilities that were observed 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable only requests as many days as needed to catch up with Tenable.io or Tenable.sc.
Run Fixed Query on Initial Run
Pulls fixed vulnerabilities from the past on the first import. This allows for more complete reporting in ServiceNow for prior fixed vulnerabilities. Default setting: deselected.
Last Run -Opened/Reopened The date and time that the open/reopened import was last run. Last run - Fixed The date and time that the fixed import was last run. Active If selected, an asset sync is automatically queued when you submit the import or export. Default setting: selected. Default Chunk Size The number of records pulled in segments during the import. (This option populates when you select the Tenable Application in step 6. However, you can modify it by typing in the text box.) (For Tenable.io, you should not change this unless Tenable advises you to do so.) Included Severities (Only for Tenable.io) Select the severity levels to import. If not specified, all severity levels are imported. Included Plugin Family Names (Only for Tenable.io) Select plugin family names to include in the import. If not specified, all families are imported. SC Query (Only for Tenable.sc) The Tenable.sc query used for the import or export. Schedule
The frequency with which you want the import to run.
Time The set time (hh/mm/ss) to run the import.
- In the Access Key text box, type the access key provided by your Tenable administrator.
- In the Secret Key text box, type the secret key provided by your Tenable administrator.
- Click Update.
By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.
Third Party Vulnerabilities
To view third party vulnerabilities:
- Navigate to Vulnerability > Libraries > Third Party.
Vulnerabilities that include TEN- were imported from Tenable.io or Tenable.sc. Click a vulnerability to view the details.
Note: The bottom of the page includes vulnerability items and lists of CVE information linked during the import.
Configuration Items (Assets from Tenable.io)
To view configuration items:
Navigate to Configuration Item Management > Assets Pending Approval.
Vulnerability Items (Linked Vulnerability and Configuration Items)
To view vulnerability items:
Navigate to Vulnerabilities > Vulnerable Items.
Vulnerabilities that include TEN- were imported from Tenable.io and Tenable.sc. Click a vulnerability to view the details.
Note: If a vulnerability item is closed, the text boxes are disabled. In the Notes section, you can view information about why the item is closed.