Tenable.io and Nessus Professional

Enterprise

runZero integrates with Tenable.io and Nessus Professional by importing data from the Tenable API.

Getting started with Tenable.io and Nessus Professional

To set up an integration with Tenable.io or Nessus Professional, you’ll need to:

  1. Create an Administrator API key in an access group with Can View permission to Manage Assets.
  2. Configure the Tenable.io or Nessus Professional credential in runZero.
  3. Activate the connection to pull your data into runZero.

Requirements

Before you can set up the Tenable.io or Nessus Professional integration:

  • Verify that you have runZero Enterprise.
  • Make sure you have administrator access to the Tenable portal.

Step 1: Create an Administrator API key

  1. Log in to Tenable.io or Nessus Professional with the Administrator account being used for the runZero integration.
  2. Go to My Profile > My Account > API Keys.
  3. Generate the API token, then download or copy it.
  • For Nessus Professional, you will either need to configure the Tenable credential to skip TLS verification, or provide the TLS thumbprint when creating the runZero credential.

Step 2: Add the Tenable credential to runZero

  1. Go to the Credentials page in runZero. Provide a name for the credentials, like Tenable.io or Nessus Professional.
  2. Choose Tenable.io Access & Secret or Nessus Professional Access & Secret from the list of credential types.
  3. Generate your Tenable access and secret keys via your account page in the Tenable portal, and then provide the following information:
    • Access key - Your 64-character Tenable access key.
    • Secret key - Your 64-character Tenable secret key.
    • Nessus Professional only:
      • Nessus API URL - The API URL for your Nessus Professional instance. The expected format is https://ip:port or https://domain.tld:port.
      • Nessus insecure - Set this to Yes if you want to attempt authentication without a verified thumbprint.
      • Nessus thumbprints - A set of IP=SHA256:B64HASH pairs to trust for authentication. You will need to scan your Nessus instance with runZero in order to obtain the TLS thumbprint. The TLS fingerprints service attribute report lists all previously seen fingerprints.
  4. If you want other organizations to be able to use this credential, select the Make this a global credential option. Otherwise, you can configure access on a per-organization basis.
  5. Save the credential. You’re now ready to set up and activate the connection to bring in data from Tenable.io or Nessus Professional.
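As an added example (not part of runZero's documentation or code), the following Python pre-flight check validates the Nessus Professional credential fields described above before you paste them into runZero. The function names are hypothetical, and it assumes multiple thumbprint pairs are separated by whitespace or commas.

```python
import base64
import binascii
import ipaddress
import re
from urllib.parse import urlsplit

def parse_thumbprints(text):
    """Parse IP=SHA256:B64HASH pairs into {ip: 32-byte digest}."""
    pins = {}
    # Assumption: pairs are separated by whitespace or commas.
    for pair in filter(None, re.split(r"[\s,]+", text)):
        ip_text, eq, fingerprint = pair.partition("=")
        algo, colon, b64 = fingerprint.partition(":")
        if not eq or not colon or algo != "SHA256":
            raise ValueError(f"expected IP=SHA256:B64HASH, got {pair!r}")
        ip = str(ipaddress.ip_address(ip_text))  # raises ValueError if not an IP
        try:  # accept padded or unpadded base64
            digest = base64.b64decode(b64 + "=" * (-len(b64) % 4), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"{ip}: hash is not valid base64") from exc
        if len(digest) != 32:  # a SHA-256 digest is always 32 bytes
            raise ValueError(f"{ip}: hash decodes to {len(digest)} bytes, not 32")
        pins[ip] = digest
    return pins

def check_nessus_credential(access_key, secret_key, api_url, thumbprints="", insecure=False):
    """Return a list of problems; an empty list means the fields are well-formed."""
    problems = []
    for name, key in (("access key", access_key), ("secret key", secret_key)):
        if len(key) != 64:
            problems.append(f"{name}: expected 64 characters, got {len(key)}")
    try:
        url = urlsplit(api_url)
        ok = url.scheme == "https" and url.hostname and url.port is not None
    except ValueError:  # malformed host or non-numeric port
        ok = False
    if not ok:
        problems.append("API URL: expected https://ip:port or https://domain.tld:port")
    try:
        pins = parse_thumbprints(thumbprints)
    except ValueError as exc:
        pins = {}
        problems.append(f"thumbprints: {exc}")
    if not pins and not insecure:
        problems.append("TLS: provide a thumbprint or set Nessus insecure to Yes")
    return problems

if __name__ == "__main__":  # constructed sample values, not real keys or hashes
    sample_pin = "192.0.2.10=SHA256:" + "A" * 43 + "="
    print(check_nessus_credential("a" * 64, "b" * 64, "https://192.0.2.10:8834", sample_pin))
```

The check only confirms that each field is well-formed; the thumbprint value itself should still come from the TLS fingerprints service attribute report.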

Step 3: Set up and activate the connection to sync data

After you add your Tenable credential, you’ll need to sync your data from Tenable.io or Nessus Professional. This can be accomplished through a connector or a scan probe. Setting up a connector will work if you’re self-hosting runZero, integrating with Tenable.io, or your Nessus Professional instance is publicly accessible.

Step 3a: Configure a Tenable connector

A connection requires you to set a schedule and choose a site. The schedule determines when the sync occurs, and the site determines where any new Tenable-only assets are created.

  1. Activate a connection to:
  2. Choose the credentials you added earlier. If you don’t see the credentials listed, make sure the credentials have access to the organization you are currently in.
  3. Enter a name for the task, like Tenable.io sync or Nessus Professional sync.
  4. Schedule the sync. A sync can be set to run on a recurring schedule or run once. The schedule will start on the date and time you have set.
  5. Under Task configuration:
  6. Activate the connection when you are done. The sync will run on the defined schedule. You can always check the Scheduled tasks to see when the next sync will occur.

Step 3b: Configure the Nessus Professional scan probe

You can run the Nessus Professional integration as a scan probe so that the runZero Explorer will pull your vulnerability data into the runZero Console.

In a new or existing scan configuration:

  • Ensure that the NESSUS option is set to Yes in the Probes tab.
  • Set the correct Nessus credential to Yes in the Credentials tab.
  • Optionally, set a minimum severity and risk for ingested vulnerability scan results.

The Tenable.io integration can also be run as a scan probe by configuring the TENABLE option in the Probes tab of a scan configuration and setting the correct Tenable credential to Yes in the Credentials tab.

Step 4: View Tenable assets and vulnerabilities

After a successful sync, you can go to your inventory to view your Tenable assets. These assets will have a Tenable icon listed in the Source column.

The Tenable integration gathers details about vulnerabilities detected in addition to enriching asset inventory data. Go to Inventory > Vulnerabilities to view the vulnerability data provided by Tenable.io.

To filter by Tenable assets, consider running the following queries:

Click into each asset to see its individual attributes. runZero will show you the attributes gathered from the Tenable scan data.