In addition to continuously and passively monitoring network traffic to discover devices and assess risk, IoT Security supports the integration of third-party vulnerability scanners such as Tenable.io. You might want to perform an on-demand vulnerability scan to get deeper insights on device vulnerabilities or if IoT Security detects anomalous behavior warranting investigation of a particular device. IoT Security incorporates the scan results such as CVEs into its ongoing risk score assessments. It can also send detected vulnerabilities to a CMMS as work orders for tracking and resolving.

When you initiate a vulnerability scan from the IoT Security portal, it sends a command through Cortex XSOAR to Tenable.io in the cloud. Tenable then relays the scan command to a Nessus scanner, and after the scan is complete, Tenable returns the results in a PDF report through XSOAR to IoT Security. The flow is illustrated step-by-step below.

Integrating with Tenable requires either a full-featured Cortex XSOAR server or the purchase and activation of an IoT Security third-party integration add-on license, which comes with a free cohosted Cortex XSOAR instance. The basic plan includes a license for three integration add-ons, one of which can be used for Tenable. The advanced plan includes a license for all supported third-party integrations.