Integrate Prisma Cloud with Tenable

Tenable.IO provides API access to assets and their vulnerability information. Configure the Tenable account to use the Tenable AWS, Azure, and GCP connectors. Without connectors, you cannot identify the cloud resource.

The Tenable API requires an access key and secret key in the header. Generate an access key and secret key per user on the Tenable.io app. (See Tenable documentation for information.) Also, make sure that the Tenable role that you use to enable this integration has administrator permissions that include vulns-request-export and assets-request-export API access.

Set up Tenable integration on Prisma Cloud.

Select
Settings
Integrations
.
Add Integration
Tenable
. A modal wizard opens where you can add the Tenable integration.
Enter
Name
and
Description
.
Enter the
Access Key
and the
Secret Key
that are generated in Tenable.io.
See Tenable documentation for information.

Click
Next
and
Test
the integration.Review the Summary and
Save
the integration.

View vulnerabilities detected by Tenable in Prisma Cloud.

After Prisma Cloud has access to the Tenable findings, you can use the following RQL queries for visibility into the host vulnerability information collected from Tenable.

Config Query

config from cloud.resource where finding.type = 'Host Vulnerability' AND finding.source = 'Tenable' AND finding.severity = 'high' 



Select a resource to get information about vulnerabilities. Select

Audit Trail

to view the CVE numbers.



Network Query

network where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )

Click

Host Findings

to see details.