Tenable Security Center Connector
Overview

The Tenable Security Center connector enables integration between Swimlane Turbine and the Tenable Security Center API, allowing users to automate key security operations such as running scans, retrieving assets, managing credentials, and analyzing scan results.

Tenable Security Center provides comprehensive vulnerability management and threat detection. This connector allows Swimlane Turbine users to streamline vulnerability workflows by automating interactions with Tenable's data, assets, and scans.

By using this connector, teams can reduce manual steps in security assessments, increase the speed of threat response, and ensure timely access to vulnerability intelligence within their broader security orchestration environment.

Limitations

None to date.

Supported Versions

Tenable Security Center 5.x and later

Additional Docs

Tenable Security Center API reference: https://docs.tenable.com/security-center/api/index.html

Configuration

Authentication Methods

To effectively utilize the Tenable Security Center connector with Swimlane Turbine, you must configure the following credentials:

- Access Key: API access key generated from the Tenable Security Center UI
- Secret Key: Secret key paired with the access key for authentication

Capabilities

- Add a Analysis
- Add a Scan
- Add Asset Group
- Download Scan Results
- Get Asset
- Get Credentials
- Get Policies
- Get Repositories
- Get Scan Results
- Get Scans
- Run Scan
- Get List Queries
- Get Alert
- Get Hosts

Asset Setup

The asset for this connector requires the following inputs:

- Access Key
- Secret Key

Tenable SC Asset Setup

The asset setup is pretty straightforward for Tenable SC as long as you are using the few built-in actions currently available with the connector.

Tenable SC Asset Setup for Generic HTTP

The asset setup for using the HTTP connector with Tenable SC requires that you create a new HTTP API Key Authentication asset. In the Key field, enter x-apikey. In the Value field, enter both the access key and the secret key in this format (including the space and semicolons, and substituting your access key and secret key for the #'s):

    accesskey=########; secretkey=#######;

The Add To line can be left at the default of Header.

Tenable SC HTTP Actions

When configuring the actions for the Tenable SC HTTP asset, you will need the URL and you will need to turn off the SSL validation. Yes, they currently have this set to work without using SSL, and since the default HTTP action has SSL validation on, you will need to turn that off on the Settings tab of the HTTP action.

The API guide for the Tenable SC actions can currently be found at https://docs.tenable.com/security-center/api/

The API guide specifies that the base URL should be in this format:

    http://host:port/rest/resource-name

However, I found that the port was not required and HTTPS works (as long as SSL validation is turned off). The /rest at the end of the URL is required, followed by another forward slash and then the resource name. For example, to get the plugin info I used this exact URL (I did use HTTPS, substituted a real system name, and turned off SSL validation):

    https://host.domain.tld/rest/plugin

Depending on the API resource, other parameters may be required. In the case of the plugins I was looking for, we wanted to know the active plugins. To get that result we added the following to the Parameters tab:

    filterField=type
    op=eq
    value=active

This was successful at pulling back the active plugins data on our test system.

For the POV I was working on, the organization needed to grab the vulnerability data from the main dashboard in Tenable SC. This appears to be available using the analysis endpoint of the API, which is not available yet in the connector. I requested for that to be added in SPT-28099. In the meantime, I was able to use the HTTP connector and generate a query to get the data using the following:

- POST to https://x.x.x.x:443/rest/analysis
- API key auth using the asset format mentioned above, with the x-apikey key and the long string of access key and secret key in the value
- SSL certificate validation off
- A JSON body like this (obviously you would adjust the query as needed):

    {
      "query": {
        "startOffset": 0,
        "endOffset": 50,
        "type": "vuln",
        "tool": "vulndetails"
      },
      "sourceType": "cumulative",
      "type": "vuln"
    }
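
The same /rest/analysis request written as a standalone Python client, as an added example that is not part of the original page or the connector's code. It pages through results by advancing the offsets and keeps certificate validation on by trusting a CA bundle. Assumptions: the function names, the `ca_file` path, and the `response.results` layout of the reply are not taken from the page.

```python
import json
import ssl
import urllib.request

def apikey_header(access_key, secret_key):
    # Header value format from the page: "accesskey=...; secretkey=...;"
    return f"accesskey={access_key}; secretkey={secret_key};"

def analysis_body(start, page_size=50):
    # Same query as the page's JSON body, with the offsets moved per page.
    return {
        "query": {"startOffset": start, "endOffset": start + page_size,
                  "type": "vuln", "tool": "vulndetails"},
        "sourceType": "cumulative",
        "type": "vuln",
    }

def build_request(base_url, access_key, secret_key, start=0, page_size=50):
    body = json.dumps(analysis_body(start, page_size)).encode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/rest/analysis", data=body, method="POST",
        headers={"x-apikey": apikey_header(access_key, secret_key),
                 "Content-Type": "application/json"})

def tls_context(ca_file=None):
    # Assumption: ca_file is the PEM bundle of the CA that signed the
    # Security Center certificate; None uses the system trust store.
    return ssl.create_default_context(cafile=ca_file)

def fetch_all(base_url, access_key, secret_key, ca_file=None, page_size=50,
              opener=urllib.request.urlopen):
    # Assumption: rows arrive under response.results; a short page ends the loop.
    ctx, rows, start = tls_context(ca_file), [], 0
    while True:
        req = build_request(base_url, access_key, secret_key, start, page_size)
        with opener(req, context=ctx) as resp:
            page = json.load(resp).get("response", {}).get("results", [])
        rows.extend(page)
        if len(page) < page_size:
            return rows
        start += page_size
```

The `opener` parameter exists so the paging logic can be exercised without a live Security Center host.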