TOC & Recently Viewed

Recently Viewed Topics

Integration Configuration

The following steps outline the configuration process to allow ServiceNow, through the use of the application, to poll and retrieve vulnerability data from Tenable.io. You must be logged in with a ServiceNow account that has the x_tsirm_tio_vr.admin role to perform the setup process.

The setup process involves these major steps, described below in greater detail:

  • Create a Connector
  • Configure the connection in Tenable.io for VR
  • Schedule an import

Configure Asset Connector

Complete the Asset Configuration steps before configuring a VR connection in ServiceNow.

Configure the ServiceNow and Tenable.io VR Connector

  1. In the ServiceNow application, in the left-hand pane, navigate to Tenable.io for VR > Configuration > Connectors.

  2. Click Default Connector.
  3. On the Tenable Connector page, select the Active check box.
  4. Click Update.

    By default, that evening the connector starts syncing ServiceNow vulnerabilities to Tenable.io.

Schedule an Import

When the connection is configured, the Open/Reopened and Fixed import jobs start. The Fixed import job always waits for the Open/Reopened import job to finish so the vulnerabilities are set properly.

Note: If the Fixed chunks have no records, the Fixed import job is automatically marked complete.

To create a new import job:

  1. In ServiceNow, navigate to Tenable.io for VR > Configuration > Scheduled Imports.
  2. At the top of the page, click New.

    The New Record page appears.

  3. In the Import Name field, type a name for the import.
  4. Select the Active check box.
  5. In the Initial Run - Historical Data field, specify how far back (in days) to import when this Scheduled Import runs for the first time. For example, if Within 30 days is selected, vulnerabilities that were observed 15 or 25 days ago are imported into ServiceNow. After the first import, Tenable for Security Operations only requests as many days as needed to catch up with Tenable.io as a matter of efficiency.

  6. From the Tenable Connector drop-down, select the connector for the import.
  7. In the Schedule section, in the Run and Time fields, select how often to request new vulnerability data from Tenable.io.

  8. Click Submit.
  9. If you want to begin the import now, visit the new scheduled import and click Execute Now.

Once the vulnerability import is complete, the following items appear in ServiceNow:

Third Party Vulnerabilities

To view Third Party Vulnerabilities:

  1. Navigate to Vulnerability > Libraries > Third Party.

    Any vulnerabilities that include TEN- were imported from Tenable.io. Click a vulnerability to view the details.

    Note: The bottom of the page includes Vulnerability Items and lists of CVE information linked during the import.

Configuration Items (Assets from Tenable.io)

To view Configuration Items:

  1. Navigate to Tenable.io for Assets > All Synchronized Items and Tenable.io for Assets > Assets Pending Approval.

Vulnerability Items (The linked Vulnerability and Configuration Items)

To view Vulnerability Items:

  1. Navigate to Vulnerability > Vulnerabilities > Vulnerable Items.

  2. Click any items that include TEN- in the name to view details.

    Note: If a Vulnerability Item is closed, then the fields are disabled. In the Notes section, you can view the notes regarding why the item is closed.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.