runZero integrates with Tenable.io and Tenable Nessus to enrich your asset inventory and gain visibility into vulnerabilities detected in your environment. The Tenable.io and Nessus Professional integration pulls data from the Tenable API, while all versions of Tenable Nessus are supported through .nessus file imports.

Note that at this time, only the main Tenable.io cloud API endpoint at https://cloud.tenable.com is supported.

How runZero maps Tenable hosts to assets:

  • For Tenable hosts that can be matched to an existing runZero asset, asset-level attributes such as IP address, hostname, and MAC address will be updated, and Tenable-specific attributes will be added.

  • For hosts that cannot be matched with an existing runZero asset, a new asset will be created in the site specified when the integration task is set up.

runZero is able to merge existing assets with Tenable data when the MAC address, hostname, or IP address overlaps. If you have a cloud integration configured, cloud assets will be matched first by their cloud identifier. Tenable devices can also be manually merged into runZero assets using the Merge button on the Asset Inventory page.

Asset inventory

There is a column on the asset inventory page showing the count of vulnerabilities detected by Tenable for each asset. When a single asset is selected, the vulnerabilities table lists all the results related to that asset. The vulnerability count can be impacted by the type of vulnerability scan as well as the import settings selected.

Vulnerabilities table

The Vulnerabilities tab of the inventory lists all vulnerability results that have been imported from Tenable. The table lists every result, and selecting a result will take you to the page for the impacted asset.

Severity and risk scores

Tenable uses the third-party Common Vulnerability Scoring System (CVSS) values from the National Vulnerability Database (NVD) to describe severity associated with vulnerabilities. Tenable assigns all vulnerabilities a severity rating (Info, Low, Medium, High, or Critical) based on the vulnerability’s static CVSSv2 or CVSSv3 score. By default, Tenable uses CVSSv2, however users can opt to use CVSSv3 instead. runZero displays the CVSSv2-based severity in the Inventory and Asset views.

To supplement the severity ratings, Tenable calculates a dynamic Vulnerability Priority Rating (VPR) for most vulnerabilities. The VPR is a dynamic companion to the data provided by the vulnerability’s CVSS score, since Tenable updates the VPR to reflect the current threat landscape. VPR values range from 0.1-10.0, with a higher value representing a higher likelihood of exploit. runZero displays the VPR-based risk in the Inventory and Asset views. For more details about how Tenable handles severity and risk, please refer to their documentation.