Configure Tenable Security Center

Last Updated: December 19, 2024

Required User Role: Administrator

To configure Tenable Security Center in ServiceNow:

  1. Log in to your ServiceNow instance.

  2. Navigate to Tenable Connector for Assets > Connectors.

    The Tenable Connector appears.

  3. Navigate to your already existing connector whose Tenable product is Tenable Security Center.

  4. From the Module drop-down box, you can select Asset, ITSM, or SGC for Tenable.

    Note: By default, the connector’s name is populated.

    Note: For the Asset Module, you can select the Pull Assets or Push Assets Tenable Job Type. For the ITSM Module, you can select Pull Vulnerabilities as the Tenable Job Type.

    The Pull Assets Schedule Job fetches the assets from Tenable Security Center to ServiceNow and stores the asset details in the CMDB Tables (Incomplete IP Identified Device, Unclassed Hardware, Computer, Network Adaptor, IP Address) and the Custom table (Tenable Asset Attributes).

    Name Description Default Value
    TSC Query

    The selected filter is used to pull vulnerabilities or assets from Tenable Security Center.

    Disabled
    Active

    If selected, the scheduled job runs on the configured schedule.

    Disabled
    Initial Run - Historical Data

    The amount of time (in days) of how far back you want to pull data.

    		 Within the last 365 days
    Last Run

    The date and time that the import was last run.

    		N/A
    Edit Run Schedule

    Select this box if you want to configure the scheduled job run configuration. The following options must be configured:

    Note: Make sure not to set the run frequency too high, as this can result in congested jobs and create performance issues.

    • Run: The frequency that you want the import to run. Possible values are: Daily, Weekly, Monthly, Periodically, Once, On Demand, Business Calendar: Entry Start, or Business Calendar: Entry End.

    • Repeat Interval/Time: Set the time (hh/mm/ss) to run the import. This differs based on the Run selection.

    		 If selected, Daily is the default value.

    The Push Assets Scheduled Job pushes the assets from ServiceNow to Tenable Security Center. In Tenable Security Center, the data is pushed in the group that you specify when creating the schedule job. A new group is created on the platform, if the specified one is not already present.

    Name Description Default Value
    Active

    If selected, the scheduled job runs on the configured schedule.

    Disabled
    Initial Run - Historical Data

    The amount of time (in days) of how far back you want to pull data.

    		 Within the last 365 days
    Last Run

    The date and time that the import was last run.

    		N/A
    Edit Run Schedule

    Select this box if you want to configure the scheduled job run configuration. The following options must be configured:

    Note: Make sure not to set the run frequency too high, as this can result in congested jobs and create performance issues.

    • Run: The frequency that you want the import to run. Possible values are: Daily, Weekly, Monthly, Periodically, Once, On Demand, Business Calendar: Entry Start, or Business Calendar: Entry End.

    • Repeat Interval/Time: Set the time (hh/mm/ss) to run the import. This differs based on the Run selection.

    		 If enabled, Daily is the default value.

  5. In the Conditions > Configuration Item Source Table dropdown, select the table on which you want the query to run in order to export the assets to Tenable Security Center.

    Note: By default, this value is set to cmdb_ci. For the group type Static IP Address, the Configuration Item Source Table should be the parent table of "CMDB CI IP Address."

  6. In the Conditions > Group Name text box, enter the name of the group.

    Note: This named group is created in Tenable Security Center while pushing the assets records. You can identify these records based on the group name on the platform.

  7. In Conditions > Group Type dropdown, select DNS or Static IP Address, based on which type of data you would like to push.

    Note: For Static IP Address, you need to set the IP Version and IP’s To Send options. Only unique IP addresses are stored on the Tenable Security Center. However, in the Tenable job’s Total Record field, you may see more records than the number actually stored on the platform. This discrepancy occurs because the job does not check for uniqueness, whereas the platform does. The scheduled job first retrieves the record from the selected table, then checks the parent-child relationship in the cmdb_rel_ci table. If the relationship is not satisfied, the IP is not pushed to the platform. If the relationship is satisfied, the child IP is pushed to the platform.

  8. In the Conditions > Conditions dropdown, apply the filter conditions on the Configuration Item Source Table that you have selected.

  9. If you selected the ITSM Module, configure the following parameters:

    The Pull Vulnerabilities Schedule Job fetches the vulnerabilities from Tenable Security Center to ServiceNow and stores the vulnerabilities in the Custom table (Tenable Vulnerability).

    Name Description Default Value
    TSC Query

    The selected filter is used to pull vulnerabilities or assets from Tenable Security Center.

    Disabled
    Active

    If selected, the scheduled job runs on the configured schedule.

    Disabled
    Initial Run - Historical Data

    The amount of time (in days) of how far back you want to pull data.

    		 Within the last 365 days
    Last Run

    The date and time that the import was last run.

    		N/A
    Last Run - Fixed

    The date and time that the fixed import was last run. The integration fetches the vulnerabilities from this data and time.

    Note: This field is for the Fixed job mode.

    		N/A
    Run Fixed Query on Initial Run

    Pulls fixed vulnerabilities on the first import.

    		 Disabled
    Edit Run Schedule

    Select this box if you want to configure the scheduled job run configuration. The following options must be configured:

    Note: Make sure not to set the run frequency too high, as this can result in congested jobs and create performance issues.

    • Run: The frequency that you want the import to run. Possible values are: Daily, Weekly, Monthly, Periodically, Once, On Demand, Business Calendar: Entry Start, or Business Calendar: Entry End.

    • Repeat Interval/Time: Set the time (hh/mm/ss) to run the import. This differs based on the Run selection.

    		 If selected, Daily is the default value.

    10. Note: The Name text box is automatically populated based on the name of the connector and Job Type.

  10. Click Submit.

Next steps: