Configure Tenable Data Stream

To set up Tenable Data Stream, connect your AWS bucket to Tenable Vulnerability Management. When connecting to your AWS bucket, Tenable uses an AWS Identity and Access Management (IAM) role with a trust relationship and least privilege access.

To configure Tenable Data Stream:

  1. In the left navigation, click Settings.

    The Settings page appears.

  2. Click Tenable Data Stream.

    The Tenable Data Stream page appears.

  3. In the top-left corner, click Add an Integration.

  4. In Add an Integration, enter the following:

    Option Description
    Integration Name. The name of the integration.
    Email notification. (Optional) An email address where notifications will be sent if the stream state changes (for example, when a stream fails).

  5. Click Next.

  6. In Configure an IAM Role, enter the following:

    Option Description
    AWS Account ID. Your organization's AWS account ID, as described in AWS Account Management in the AWS documentation.
    IAM Role Name. The IAM role to use, as described in IAM roles in the AWS documentation.

    Tip: Tenable recommends creating a new IAM role. To do this, copy the Trust Policy from the blue box and add it to your AWS settings as described in Creating a role using custom trust policies in the AWS documentation. If you are not creating a new role, copy the Trust Policy into the existing role instead.
    External ID. A secret alphanumeric identifier that Tenable will use to assume the IAM role, as described in Access to AWS accounts owned by third parties in the AWS documentation.

  7. Click Next.

  8. In Configure an AWS Bucket, add the following:

    Option Description
    S3 Bucket Name. The name you want to use for the S3 bucket.

    Tip: Tenable recommends creating a new AWS bucket. When doing this, copy the Bucket Policy from the blue box and add it to your S3 bucket permissions. Otherwise, copy the Bucket Policy to your existing bucket.
    Path Prefix. The path prefix for the AWS path where your data will be saved.

  9. Click Save.

    The Tenable system begins processing the AWS integration.