Automatic Initiatives in Tenable Vulnerability Management

In the Exposure Response section of Tenable Vulnerability Management, you can create initiatives based off of findings that you can then link directly to your ticketing systems. Tenable calls this process mobilization. Initiatives are projects to address vulnerabilities in your environment. You can track specific findings using combinations and apply asset tags to choose the assets in scope. You can then assign initiatives to your team, set SLAs (Service Level Agreements), and measure progress through remediation scan results.

Because these initiatives automatically update when a change is made to the tracked ticket, they are considered automatic initiatives.

Example Initiative

To address recently exploited vulnerabilities on your Headquarters network, you might create an initiative as follows:

  • Name — Recently exploited vulnerabilities at HQ

  • Asset Scope — Network: HQ

  • Owner[email protected]

  • Remediate Within (SLA) — 7 days

  • Combinations — Category is equal to Recently Actively Exploited AND VPR is greater than 6

Before you Begin

  • Review the Prerequisites and ensure you have the appropriate permissions and ticketing configurations enabled for initiative creation.

  • Create asset tags — Initiatives use asset tags to define the assets in scope. Create any asset tags you plan to use for your initiative.

  • (Optional) Create custom combinations — If you plan to use custom combinations, create them via the Manage Combinations tab.

You can create the following kinds of initiatives within Tenable Vulnerability Management:

Jira Initiatives in Tenable Vulnerability Management

Configure Jira

Before you create an initiative, you must first configure a connection between Jira and Tenable Vulnerability Management.

To configure Jira issue creation in Tenable Vulnerability Management:

  1. In the left navigation, click Settings.

    The Settings page appears.

  2. Click on the Jira Cloud tile.

    The Jira Connector page appears.

  3. Configure the following Jira Cloud Credentials:

    4. Option Description
    Integration Name Choose your own Jira integration name.
    Jira Cloud URL The unique web address for your organization's instance of Jira Cloud, typically formatted as https://[your-company-name].atlassian.net.
    Jira Cloud User Account

    Your individual credentials (email and password) used to authenticate and access your organization's Jira Cloud site.
    Jira Cloud API Token

    Your API key or token for authenticated access to the Jira Cloud API.

  4. To test the connection, click Connect.

    Once Tenable validates the integration connectivity, a Connection was Successful notification appears.

  5. Configure the following default values for each Jira project:

    6. Option Description
    Project The Jira Project name that these options relate to.
    Default Assignee Assign a user as a default assignee from the drop-down list.
    Default Reporter Assign a default reporter value from the drop-down list.
    Default Label(s) Your organization's Cloud URL.
    Sync Jira Priorities

    Create a mapping of Tenablefindings severities (for example, Critical, High, Medium, Low, Info) to Jira Priorities (for example, Highest, High. Lowest).

  6. To set default values for additional Jira projects, click Add Another Project.
    7. Note: To delete project configurations click the next to the corresponding project.
  7. Click Save.

Create a Jira Initiative

To create a Jira mobilization initiative based off of a finding:

  1. In Tenable Vulnerability Management, in the left navigation menu, click Exposure Response.

    The Exposure Response page appears. By default, the Initiatives tab is active.

  2. In the My Initiatives section, click the button.

    The Create an Exposure Response Initiative pane appears.

  3. On the Basic Setup tab, configure the following options:

    Option Description
    Name (required) Type a name for the initiative.
    Description Type a description for the initiative, for example Reduce my external attack surface.
    Owner

    Select the initiative owner from a list of [MadCap Variable: Tenable.VulnerabilityManagementStandalone] users. You cannot reassign initiatives once you create them.

    Note: Only administrators and initiative owners can view initiatives.
    Asset Scope (required) Choose up to ten tags to define which assets in your environment are in scope. Search for and select tags to assign, for example Priority: High or Software: Oracle.
    Remediate Within (SLA) (required) Choose an SLA, in days, by which all findings require remediation. For example, to set an SLA of one week, enter 7.
    Assign Combinations

    Select up to ten combinations from the available tabs:

    • My Combinations — Your personal combinations, which only you can view. You cannot assign personal combinations to initiatives you do not own.

    • Shared — Organization-wide combinations, which anyone can view or use, and which your administrators and the combination owners can update. Track updates in the Combination Timeline.

    • Tenable — Predefined combinations from the Tenable Research Team. These may be updated infrequently, which can change the resources in your initiatives. Track updates in the Combination Timeline.
  4. Click the Ticketing Automation tab.

    The Setup Delivery Methods appear.

  5. Click Jira.

    Jira ticketing configuration options appear.

  6. Configure the following options:

    Option Description
    Ticket Aggregation Behavior

    Select how you want Tenable Vulnerability Management to aggregate tickets for the finding:

    • New ticket for every new finding — Every time a finding appears, a new ticket gets created in Jira.

    • New findings create subtasks on an existing ticket — Every time a finding appears, a subtask gets created on an existing Jira ticket.
    Existing Jira Ticket (optional)

    Select the existing Jira ticket from the drop-down list.

    Note: You see this option only if you choose New findings create subtasks on an existing ticket.
    Project

    The Jira project in which you want tickets to be created.

    Important: You must have at least one Jira project for the configuration to function as expected.
    Work Type The specific type of issue created, for example, Story, Task, or Bug.
    Summary The Jira Summary combines the finding name, asset name, and this text to create a descriptive ticket title.
    Description A detailed explanation of the issue, context, and steps to reproduce (if applicable).
    Priority

    The relative importance or severity of the issue. Default value: Default Mapping.

    Note: Leave this set to Default Mapping to allow the priority to be set by the finding severity based on your Jira instance configuration. For more information about overriding this severity, see Configure Jira.
    Reporter The user who created the issue and submitted it to the project.
    Assignee The user to which the ticket or subtask is assigned in Jira.
    Parent The larger issue (for example, an Epic) under which the current item is nested.
    Labels

    Custom tags you want to apply to the ticket for flexible categorization and filtering.

  7. Click Save.

    The initiative appears in the My Initiatives panel.

What to do Next

View your Initiative Data and Updates

Within Tenable Vulnerability Management, you can view data about your existing mobilization initiatives and their updates in the following locations:

Manage your Initiatives

Once configured, you can view and manage your Tenable Vulnerability Management mobilization initiatives in the following ways: