In addition to continuously and passively monitoring network traffic to discover devices and assess risk, Device Security supports the integration of third-party vulnerability scanners such as Tenable Vulnerability Management, formerly known as Tenable.io. You might want to perform an on-demand vulnerability scan to get deeper insights on device vulnerabilities or if Device Security detects anomalous behavior warranting investigation of a particular device. Device Security incorporates the scan results such as CVEs into its ongoing risk score assessments. It can also send detected vulnerabilities to a CMMS as work orders for tracking and resolving.

When you initiate a vulnerability scan from the Device Security portal, it sends a command through Cortex XSOAR to Tenable Vulnerability Management in the cloud. Tenable then relays the scan command to a Nessus scanner, and after the scan is complete, Tenable returns the results in a PDF report through XSOAR to Device Security. The flow is illustrated step-by-step below.

Integrating with Tenable requires either a full-featured Cortex XSOAR server or the purchase and activation of an Device Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Tenable Vulnerability Management. The advanced plan includes a license for all supported third-party integrations.