Get Vulnerability Scan Reports from Tenable

Import Tenable vulnerability scan reports into IoT Security and view them from the IoT Security portal.
XSOAR can run jobs that download vulnerability scan reports from Tenable, even those not initiated from the IoT Security portal, and then export them to IoT Security when they include devices in the IoT Security inventory.
One job runs periodically and downloads any new vulnerability scan reports that Tenable generated within the past hour. The other job must be manually initiated and downloads all reports from Tenable generated within the past 30 days in bulk.
Because the bulk job retrieves all vulnerability reports for the past 30 days, older reports for devices with dynamically assigned IP addresses might not align with devices using these IP addresses now. As a result, vulnerability information might be associated with the wrong devices and risk scores might be miscalculated. Therefore, use this tool sparingly and with caution, or rely solely on the periodic job to gather recently generated reports from Tenable incrementally.
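The misattribution risk described above can be checked before a bulk import by comparing which device held each scanned IP address at scan time with which device holds it now. This is an added example, not code from XSOAR, Tenable, or IoT Security; the DHCP lease-history and report record layouts, the function names, and all sample values are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data: DHCP lease history as (ip, mac, lease_start, lease_end).
LEASES = [
    ("10.0.5.20", "aa:bb:cc:00:00:01", datetime(2024, 5, 1, 8), datetime(2024, 5, 10, 8)),
    ("10.0.5.20", "aa:bb:cc:00:00:02", datetime(2024, 5, 10, 9), datetime(2024, 6, 1, 9)),
    ("10.0.5.21", "aa:bb:cc:00:00:03", datetime(2024, 5, 1, 8), datetime(2024, 6, 1, 8)),
]

# Constructed sample data: scan results from the past 30 days as (report, host_ip, scan_time).
REPORTS = [
    ("scan-A", "10.0.5.20", datetime(2024, 5, 3, 12)),
    ("scan-B", "10.0.5.20", datetime(2024, 5, 20, 12)),
    ("scan-C", "10.0.5.21", datetime(2024, 5, 4, 12)),
    ("scan-D", "10.0.5.22", datetime(2024, 5, 4, 12)),
]

# Constructed "current time" at which the bulk import would run.
NOW = datetime(2024, 5, 25)


def holder_at(ip, when, leases):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and start <= when < end:
            return mac
    return None


def classify_reports(reports, leases, now):
    """Map report name -> (status, MAC scanned), where status is
    'ok' (same device still holds the IP), 'stale' (IP reassigned since
    the scan) or 'unknown' (no lease record covers the scan time)."""
    result = {}
    for name, ip, scanned in reports:
        then_mac = holder_at(ip, scanned, leases)
        if then_mac is None:
            result[name] = ("unknown", None)
        elif then_mac == holder_at(ip, now, leases):
            result[name] = ("ok", then_mac)
        else:
            result[name] = ("stale", then_mac)
    return result


if __name__ == "__main__":
    for name, (status, mac) in classify_reports(REPORTS, LEASES, NOW).items():
        print(f"{name}: {status} (device scanned: {mac})")
```

Reports classified as stale or unknown are the ones whose findings would be attached to the wrong device if matched by current IP address.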
Tenable supports scans of single devices and multiple devices. If a Tenable vulnerability scan report for single or multiple devices includes any devices in your IoT Security inventory, then the IoT Security portal displays the report on the Device Details page for the included devices and on the Reports > Vulnerability Scan Reports page.
A vulnerability scan report for multiple devices contains results for all the scanned devices. However, IoT Security changes the report name of the file that each scanned device links to so that the name includes its MAC address. As a result, different report names will link to the same file if the report includes results for multiple devices.
If you are using the default integration instance (and haven’t changed its name) for the jobs that retrieve vulnerability scan reports from Tenable incrementally or in bulk, simply select one of the predefined jobs and click Enable or Run now:
  • PANW IoT Incremental Export of reports from Tenable (Enable)
  • PANW IoT Bulk Export of reports from Tenable (Run now)
If you are using a custom-defined integration instance that you created, follow the steps below.
  1. Create an XSOAR job to retrieve vulnerability scan reports from Tenable incrementally.
    1. Navigate to Settings in the XSOAR UI, open the Tenable integration instance that you previously created, and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel that appears, enter the following and leave the other settings at their default values:
      Recurring: Select this to poll Tenable periodically for new reports.
      Every: Enter a number and set the interval value (Minutes, Hours, Days, or Weeks) and select the days on which to run the job. (To run the job every day, either select all days or leave them unselected.) This determines how often XSOAR checks Tenable for scan reports generated within the past hour and downloads them if available.
      To ensure IoT Security doesn’t miss any reports, set this for 1 hour (or 60 minutes).
      Name: Enter a name for the job.
      Playbook: Choose Incremental Tenable Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Tenable integration instance name you copied.
    4. Click Create new job.
    5. To start running the job at recurring intervals, select the job and click Enable at the top of the Jobs table.
  2. Create an XSOAR job to retrieve vulnerability scan reports from Tenable in bulk.
    1. On the Settings page in the XSOAR UI, open the Tenable integration instance that you previously created and copy the integration instance name.
    2. Navigate to Jobs and then click New Job at the top of the page.
    3. In the New Job panel, enter the following and leave the other settings at their default values:
      Name: Enter a name for the job.
      Playbook: Choose Bulk Tenable Get Scans and Report Handling V2- PANW IoT 3rd Party Integration.
      Integration Instance Name: Paste the Tenable integration instance name you copied.
    4. Click Create new job.
    5. To initiate the job, select it and then click Run now at the top of the Jobs table.
  3. View imported vulnerability scan reports in the IoT Security portal.
    Open the Device Details page for a device whose report you want to see and then click the link to the PDF in the Security summary section near the top of the page.
    or
    Click Reports > Vulnerability Scan Reports and click the report name for a scanned device.
