NOTE: This project has been archived and is slated to be removed in the second half of 2024.
This tool is designed to consume Tenable.io vulnerability data, transform that data into the Google Security Command Center format, and then upload the resulting data into Google Security Command Center.
The tool can be run as either as a one-shot ingest or as a continuous service.
- API Keys for a service account in Tenable.io that can use the Exports API (Generally an Admin User)
- Service Account within Google Cloud that has the required permissions to edit findings and state (Security Center Findings Editor, and Security Center Findings State Setter roles).
- A host to run the script on that can run a Python 3.x environment. As this bridge talks cloud-to-cloud, where it is located does not matter.
pip install tenable-cscc
- Add the Tenable.io CSCC Service from the Marketplace
- Copy the source id that was generated (we will use this later)
- Create a service key for the account that was created
- Create a new VM Instance to store the integration (Debian 9)
- Download the installation script:
curl -o installer.sh https://raw.githubusercontent.com/tenable/integration-cscc/master/install-tenable-cscc.sh
- Run the installer
chmod 755 installer.sh && sudo ./installer.sh
- Copy the service key onto the host (such as /etc/google-account.json).
- Update the variables within the /etc/tenable-cscc.conf file.
- Start the service
sudo systemctl start tenable-cscc
The following below details both the command-line arguments as well as the equivalent environment variables.
Usage: tenable-cscc [OPTIONS]
Tenable.io -> Google Cloud Security Command Center Bridge
Options:
--tio-access-key TEXT Tenable.io Access Key
--tio-secret-key TEXT Tenable.io Secret Key
-b, --batch-size INTEGER Export/Import Batch Sizing
-v, --verbose Logging Verbosity
-s, --observed-since INTEGER The unix timestamp of the age threshold
-r, --run-every INTEGER How many hours between recurring imports
-t, --threads INTEGER How many concurrent threads to run for the
import.
-s, --service-account-file PATH
-i, --source-id TEXT The GCP CSCC Source ID
--help Show this message and exit.
Run the import once:
tenable-cscc \
--tio-access-key {TIO_ACCESS_KEY} \
--tio-secret-key {TIO_SECRET_KEY} \
--service-account-file {SA_JSON_FILENAME} \
--source-id {SOURCE_ID}
Run the import once an hour:
tenable-cscc \
--tio-access-key {TIO_ACCESS_KEY} \
--tio-secret-key {TIO_SECRET_KEY} \
--service-account-file {SA_JSON_FILENAME} \
--source-id {SOURCE_ID}
--run-every 1