Remove Frictionless Assessment
Required User Role: Administrator
You can remove or offboard your existing AWS and Azure connectors from your Tenable container when you upgrade to Agentless Assessment.
Remove AWS Frictionless Assessment
There are two types of connectors:
-
AWS Frictionless Assessment connector with keyless authentication
-
AWS Frictionless Assessment connector
Considerations before removing the AWS Frictionless Assessment connector with keyless authentication:
-
This connector includes both discovery and Frictionless Assessment functionality.
-
After deletion, you must create another discovery connector to continue the discovery functionality.
-
Check if the connector deployed one of the following CloudFormation templates during the creation process.
To remove the AWS Frictionless Assessment connector with keyless authentication:
-
Delete the AWS connector. For more information, see Delete a Connector.
Tenable removes the following AWS Systems Manager resources from your account:
-
TenableInventoryAssociation — AWS Systems Manager association name.
-
TenableInventoryCollection — AWS Systems Manager document name.
-
tenb-inv-upload-<customerRegionName>-<clusterName>-sync — ResourceDataSync.
-
-
In AWS, verify if the AWS Systems Manager resources are removed from your account.
-
In AWS, remove the Stack instance with the name tenableio-connector-aws-keyless-fa-single-tag-cft or tenableio-connector-aws-keyless-fa-cft.
This removes the permissions that Tenable required to perform the Frictionless Assessment inventory scanning and discovery.
-
(Optional) Remove the tags for AWS EC2 instances used for Frictionless Assessment.
Considerations before removing AWS Frictionless Assessment connector:
-
This connector includes only the Frictionless Assessment functionality.
-
The CloudFormation StackSet deployed the AWS Systems Manager resources for this connector. Therefore, when you delete the stack instances and the StackSet from your AWS Account, the AWS Systems Manager resources are removed.
-
Check if you have set up a separate discovery connector for the same account as the one for the Frictionless Assessment connector. This discovery connector detects terminated assets. There is no need to remove this discovery connector as it continues to discover and import assets from your AWS account.
To remove the AWS Frictionless Assessment connector:
-
In Tenable Vulnerability Management, delete the AWS Frictionless Assessment connector. For more information, see Delete a Connector.
Tenable removes the backend configuration for the connector so that the inventory for your account is no longer processed.
-
In AWS, remove the StackSet that you deployed with this CloudFormation template from your AWS account.
This removes the AWS Systems Manager association, AWS Systems Manager document, and ResourceDataSync from your account. When this step is complete, Tenable no longer receives your inventory for scanning.
-
(Optional) Remove the tags for EC2 instances scanned by Frictionless Assessment.
Remove Azure Frictionless Assessment
The Azure Frictionless Assessment is similar to AWS Frictionless Assessment connector.
To remove Azure Frictionless Assessment connector:
-
In Tenable Vulnerability Management, delete the Azure Frictionless Assessment connector. For more information, see Delete a Connector.
-
In the Azure portal, locate and delete the Tenable-FA-Connector-* resource group.
This is the resource group deployed by the ARM template when you created the Azure Frictionless Assessment connector.
-
(Optional) Remove the tags used for Frictionless Assessment.