Fortinet Document Library

Version:


Table of Contents

1.0.0
Copy Link

About the connector

Tenable.io Vulnerability Management provides the most accurate information about dynamic assets and vulnerabilities in ever-changing environments.

This document provides information about the Tenable.io connector, which facilitates automated interactions, with an Tenable.io server using FortiSOAR™ playbooks. Add the Tenable.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list along with details of all the completed scans for a specified time duration, retrieving information about asset(s) that are associated with a specified scan, and retrieving information about the vulnerabilities associated with a particular asset.

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

Compatibility with Tenable.io Versions: 6.9.1 and later

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-tenable-io

For the detailed procedure to install a connector, click here.

 

Prerequisites to configuring the connector

  • You must have the URL of Tenable.io server to which you will connect and perform the automated operations and credentials to access that server.
  • To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™ , on the Connectors page, select the Tenable.io connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Tenable.io server to which you will connect and perform the automated operations.
Access Key Access Key that is configured for your account to access the Tenable.io server to which you will connect and perform the automated operations.
Secret Key Secret Key that is configured for your account to access the Tenable.io server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Note: You can store the IDs, keys, and other confidential data using the Secrets store provided in FortiSOAR™ . When you store data in the Secrets store, users cannot see that data. However, they can use this data when required. For more information about the Secrets store, see Configuring the Secrets store in the "Administration" guide.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
List Scans Retrieves a list along with the details of all the completed scans from the Tenable.io server, based on the time duration, such as 24 hours or last 3 days, you have specified. search_scans
Investigation
Trigger Scan Triggers a scan on the Tenable.io server based on the scan ID you have specified. launch_scan
Investigation
List Scan’s Assets Retrieves information about asset(s) that are associated with a particular scan from the Tenable.io server, based on the scan ID you have specified. get_endpoints
Investigation
List Asset’s Vulnerabilities Retrieves information about vulnerabilities that are associated with a particular asset from the Tenable.io server, based on the asset UUID you have specified. get_vulnerabilities
Investigation
Get Vulnerability Information Retrieves information about a vulnerabilities that are associated with a particular plugin from the Tenable.io server, based on the plugin ID you have specified. vuln_details
Investigation
Get Plugin Information Retrieves information about a specific plugin from the Tenable.io server, based on the plugin ID you have specified. plugin_details
Investigation

 

operation: List Scans

Input parameters

 

Parameter Description
Completion Time Time duration for which you want to retrieve a list along with details of all the completed scans from Tenable.io. For example, if you choose Last 24 Hours, then the details of all the scans that were completed in the last 24 hours will be retrieved from the Tenable.io server.
You can choose from the following options: Last 24 Hours, Last 3 Days, Last 5 Days, Last 7 Days, Last 15 Days, Last 25 Days, Last 30 Days, Last 50 Days, Last 60 Days, Last 90 Days, Last 120 Days, and Last 180 Days.
/>Note: By default this option is set to Last 15 Days.

 

Output

The JSON output contains list along with the details of all the completed scans retrieved from Tenable.io, based on the time duration you have specified.

Following image displays a sample output:

Sample output of the List Scans operation

operation: Trigger Scan

Input parameters

 

Parameter Description
Scan ID ID of scan that you want to trigger on Tenable.io.
Targets (Optional) Targets that will be scanned instead of the default. Value for this field can be an array where each index is a target, or an array with a single index of comma separated targets.
For example, ['111.122.22.1', 'example.com']

 

Output

The JSON output contains the status of the trigger scan operation. The JSON output returns a Successmessage if the scan is trigged is successfully or an Error message containing the reason for failure. The JSON output also contains the UUID of the triggered scan.

Following image displays a sample output:

Sample output of the Trigger Scan operation

operation: List Scan's Assets

Input parameters

 

Parameter Description
Scan ID ID of scan whose associated asset(s) information you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the asset(s) associated with a specific scan retrieved from Tenable.io, based on the scan ID you have specified.

Following image displays a sample output:

Sample output of the List Scan's Assets operation

operation: List Asset’s Vulnerabilities

Input parameters

 

Parameter Description
Asset UUID UUID of asset whose associated vulnerabilities information you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the vulnerabilities associated with a specific asset retrieved from Tenable.io, based on the asset UUID you have specified.

Following image displays a sample output:

Sample output of the List Asset’s Vulnerabilities operation

operation: Get Vulnerability Information

Input parameters

 

Parameter Description
Plugin ID ID of plugin whose associated vulnerabilities details you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the vulnerabilities associated with a specific plugin retrieved from Tenable.io, based on the plugin ID you have specified.

Following image displays a sample output:

Sample output of the Get Vulnerability Information operation

operation: Get Plugin Information

Input parameters

 

Parameter Description
Plugin ID ID of plugin whose details you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the specific plugin retrieved from Tenable.io, based on the plugin ID you have specified.

Following image displays a sample output:

Sample output of the Get Vulnerability Information operation

Included playbooks

The Sample - Tenable-io - 1.0.0 playbook collection comes bundled with the Tenable.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tenable.io connector.

  • Get Plugin Information
  • Get Vulnerability Information
  • List Asset’s Vulnerabilities
  • List Scans
  • List Scan’s Assets
  • Trigger Scan

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.

 

About the connector

Tenable.io Vulnerability Management provides the most accurate information about dynamic assets and vulnerabilities in ever-changing environments.

This document provides information about the Tenable.io connector, which facilitates automated interactions, with an Tenable.io server using FortiSOAR™ playbooks. Add the Tenable.io connector as a step in FortiSOAR™ playbooks and perform automated operations, such as retrieving a list along with details of all the completed scans for a specified time duration, retrieving information about asset(s) that are associated with a specified scan, and retrieving information about the vulnerabilities associated with a particular asset.

Version information

Connector Version: 1.0.0

Compatibility with FortiSOAR™ Versions: 4.10.3-161 and later

Compatibility with Tenable.io Versions: 6.9.1 and later

Installing the connector

All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:

yum install cyops-connector-tenable-io

For the detailed procedure to install a connector, click here.

 

Prerequisites to configuring the connector

Configuring the connector

For the procedure to configure a connector, click here.

Configuration parameters

In FortiSOAR™ , on the Connectors page, select the Tenable.io connector and click Configure to configure the following parameters:

 

Parameter Description
Server URL URL of the Tenable.io server to which you will connect and perform the automated operations.
Access Key Access Key that is configured for your account to access the Tenable.io server to which you will connect and perform the automated operations.
Secret Key Secret Key that is configured for your account to access the Tenable.io server to which you will connect and perform the automated operations.
Verify SSL Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True.

 

Note: You can store the IDs, keys, and other confidential data using the Secrets store provided in FortiSOAR™ . When you store data in the Secrets store, users cannot see that data. However, they can use this data when required. For more information about the Secrets store, see Configuring the Secrets store in the "Administration" guide.

Actions supported by the connector

The following automated operations can be included in playbooks and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:

 

Function Description Annotation and Category
List Scans Retrieves a list along with the details of all the completed scans from the Tenable.io server, based on the time duration, such as 24 hours or last 3 days, you have specified. search_scans
Investigation
Trigger Scan Triggers a scan on the Tenable.io server based on the scan ID you have specified. launch_scan
Investigation
List Scan’s Assets Retrieves information about asset(s) that are associated with a particular scan from the Tenable.io server, based on the scan ID you have specified. get_endpoints
Investigation
List Asset’s Vulnerabilities Retrieves information about vulnerabilities that are associated with a particular asset from the Tenable.io server, based on the asset UUID you have specified. get_vulnerabilities
Investigation
Get Vulnerability Information Retrieves information about a vulnerabilities that are associated with a particular plugin from the Tenable.io server, based on the plugin ID you have specified. vuln_details
Investigation
Get Plugin Information Retrieves information about a specific plugin from the Tenable.io server, based on the plugin ID you have specified. plugin_details
Investigation

 

operation: List Scans

Input parameters

 

Parameter Description
Completion Time Time duration for which you want to retrieve a list along with details of all the completed scans from Tenable.io. For example, if you choose Last 24 Hours, then the details of all the scans that were completed in the last 24 hours will be retrieved from the Tenable.io server.
You can choose from the following options: Last 24 Hours, Last 3 Days, Last 5 Days, Last 7 Days, Last 15 Days, Last 25 Days, Last 30 Days, Last 50 Days, Last 60 Days, Last 90 Days, Last 120 Days, and Last 180 Days.
/>Note: By default this option is set to Last 15 Days.

 

Output

The JSON output contains list along with the details of all the completed scans retrieved from Tenable.io, based on the time duration you have specified.

Following image displays a sample output:

Sample output of the List Scans operation

operation: Trigger Scan

Input parameters

 

Parameter Description
Scan ID ID of scan that you want to trigger on Tenable.io.
Targets (Optional) Targets that will be scanned instead of the default. Value for this field can be an array where each index is a target, or an array with a single index of comma separated targets.
For example, ['111.122.22.1', 'example.com']

 

Output

The JSON output contains the status of the trigger scan operation. The JSON output returns a Successmessage if the scan is trigged is successfully or an Error message containing the reason for failure. The JSON output also contains the UUID of the triggered scan.

Following image displays a sample output:

Sample output of the Trigger Scan operation

operation: List Scan's Assets

Input parameters

 

Parameter Description
Scan ID ID of scan whose associated asset(s) information you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the asset(s) associated with a specific scan retrieved from Tenable.io, based on the scan ID you have specified.

Following image displays a sample output:

Sample output of the List Scan's Assets operation

operation: List Asset’s Vulnerabilities

Input parameters

 

Parameter Description
Asset UUID UUID of asset whose associated vulnerabilities information you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the vulnerabilities associated with a specific asset retrieved from Tenable.io, based on the asset UUID you have specified.

Following image displays a sample output:

Sample output of the List Asset’s Vulnerabilities operation

operation: Get Vulnerability Information

Input parameters

 

Parameter Description
Plugin ID ID of plugin whose associated vulnerabilities details you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the vulnerabilities associated with a specific plugin retrieved from Tenable.io, based on the plugin ID you have specified.

Following image displays a sample output:

Sample output of the Get Vulnerability Information operation

operation: Get Plugin Information

Input parameters

 

Parameter Description
Plugin ID ID of plugin whose details you want to retrieve from Tenable.io.

 

Output

The JSON output contains information about the specific plugin retrieved from Tenable.io, based on the plugin ID you have specified.

Following image displays a sample output:

Sample output of the Get Vulnerability Information operation

Included playbooks

The Sample - Tenable-io - 1.0.0 playbook collection comes bundled with the Tenable.io connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the Tenable.io connector.

Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection, since the sample playbook collection gets deleted during connector upgrade and delete.