Tenable.io Event Collector

This integration is part of the Tenable.io Pack.

Supported versions

Supported Cortex XSOAR versions: 6.8.0 and later.

Tenable.io Event Collector integration. This integration was integrated and tested with version 1.0 of Tenable.io.

Configure Tenable.io Event Collector on Cortex XSOAR

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Tenable.io Event Collector.

  3. Click Add instance to create and configure a new integration instance.

    | Parameter | Description | Required |
    | --- | --- | --- |
    | Access Key | Tenable API access key. | True |
    | Secret Key | Tenable API secret key. | True |
    | Vulnerabilities Fetch Interval | Fetch interval in minutes. | True |
    | Severity | The severity of the vulnerabilities to include in the export. | False |
    | First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days) | | False |
    | Max Fetch | The maximum number of audit logs to retrieve for each event type. For more information about event types see the help section. | False |
    | Trust any certificate (not secure) | | False |
    | Use system proxy settings | | False |

  4. Click Test to validate the URLs, token, and connection.

Commands

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

tenable-get-audit-logs

Returns audit logs extracted from Tenable.io.

Base Command

tenable-get-audit-logs

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| should_push_events | Set this argument to True in order to create events, otherwise the command will only display the events. Possible values are: true, false. Default is false. | Required |
| limit | The maximum number of alerts to return (maximum value - 5000). | Optional |
| from_date | Return events that occurred after the specified date. | Optional |
| to_date | Return events that occurred before the specified date. | Optional |
| actor_id | Return events that contain the specified actor UUID. | Optional |
| target_id | Return events matching the specified target UUID. | Optional |

Context Output

There is no context output for this command.

Command example

!tenable-get-audit-logs limit=1

Human Readable Output

Audit Logs List:

| Action | Actor | Crud | Description | Fields | Id | Is Anonymous | Is Failure | Received | Target |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| user.create | id: test | c | | {'key': 'X-Access-Type', 'value': 'apikey'},<br/>{'key': 'X-Forwarded-For', 'value': '1.2.3.4'},<br/>{'key': 'X-Request-Uuid', 'value': '12:12:12:12:12'} | 12 | true | false | 2022-05-18T16:33:02Z | id: 12-1-1-1-1<br/>name: test@test.com<br/>type: User |
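
An added example, not part of the integration or its documentation: a triage pass over audit-log events shaped like the row above, listing successful account-creation actions and source addresses with repeated failed actions. The snake_case key names, the watched action list and the failure threshold are assumptions, and the sample events are constructed.

```python
from collections import Counter

# Constructed sample events. Key names are an assumption: snake_case forms of
# the table columns above (Action, Actor, Fields, Id, Is Anonymous, Is Failure).
def _event(eid, action, failed, anonymous, src):
    return {"id": eid, "action": action, "is_failure": failed,
            "is_anonymous": anonymous, "actor": {"id": "test"},
            "fields": [{"key": "X-Access-Type", "value": "apikey"},
                       {"key": "X-Forwarded-For", "value": src}]}

SAMPLE_EVENTS = [
    _event("12", "user.create", False, True, "1.2.3.4"),
    _event("13", "user.create", True, False, "203.0.113.7"),
    _event("14", "user.create", True, False, "203.0.113.7"),
    _event("15", "example.read", False, False, "1.2.3.4"),
]

def field(event, key):
    """Return the value of one entry in the event's Fields list, or None."""
    for item in event.get("fields") or []:
        if item.get("key", "").lower() == key.lower():
            return item.get("value")
    return None

def triage(events, watched_actions=("user.create",), failure_threshold=2):
    """Return (event_id, reason) findings, then one finding per noisy source."""
    findings = []
    failures = Counter()
    for ev in events:
        # Source address as recorded in the event; "unknown" when absent.
        src = field(ev, "X-Forwarded-For") or "unknown"
        if ev.get("is_failure"):
            failures[src] += 1
        elif ev.get("action") in watched_actions:
            who = "anonymous" if ev.get("is_anonymous") else ev.get("actor", {}).get("id")
            findings.append((ev["id"], f"{ev['action']} by {who} from {src}"))
    # Sources with repeated failed actions are reported once, sorted by address.
    for src, count in sorted(failures.items()):
        if count >= failure_threshold:
            findings.append((None, f"{count} failed actions from {src}"))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```
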

tenable-get-vulnerabilities

Returns vulnerabilities extracted from Tenable.io.

Base Command

tenable-get-vulnerabilities

Input

| Argument Name | Description | Required |
| --- | --- | --- |
| should_push_events | Set this argument to True in order to create events, otherwise the command will only display the events. Possible values are: true, false. Default is false. | Required |
| last_found | Returns vulnerabilities that were last found between the specified date (in Unix time) and now. | Optional |
| num_assets | The severity of the vulnerabilities to include in the export. | Optional |
| hide_polling_output | Whether to hide the polling output. | Optional |

Context Output

There is no context output for this command.

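Human Readable Output

Vulnerabilities List:

| Asset | First Found | Indexed | Last Found | Output | Plugin | Port | Scan | Severity | Severity Default Id | Severity Id | Severity Modification Type | State |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| test | 2022-08-14T14:53:18.852Z | 2022-08-14T14:53:53.627Z | 2022-08-14T14:53:18.852Z | Port 465/tcp was found to be open | checks_for_default | | | info | 0 | 0 | NONE | OPEN |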