Tenable Data Stream

With Tenable Data Stream, you connect an AWS S3 bucket to Tenable Vulnerability Management, which then continuously sends your Tenable data to the bucket in JSON format. This feature is an alternative to the Tenable export APIs.

Note: To connect to your AWS bucket, Tenable uses an AWS Identity Access Management (IAM) role with least privilege access.

Important: AWS GovCloud and FIPS Support

Tenable Data Stream supports writing data to S3 buckets located within AWS GovCloud regions.
GovCloud S3 Buckets—When configuring the Data Stream, Tenable automatically identifies the resources as being in the GovCloud space via the provided ARN and IAM roles.
FIPS Endpoints—While Tenable Data Stream uses FIPS-compliant endpoints internally for secure connectivity and data transfer within the GovCloud region, the feature does not currently support writing data directly to a customer-defined FIPS endpoint.

The following topics break down how to configure Tenable Data Stream and use its manifest files to ingest vulnerability data into your application. They also describe the format of the payload files sent by Tenable Vulnerability Management.