Integrate Prisma Cloud with Tenable

Learn how to integrate Prisma™ Cloud with Tenable.
Prisma™ Cloud ingests vulnerability data from Tenable to provide you with additional context about risks in the cloud. This integration enables you to, for example, identify suspicious traffic to sensitive workloads, such as to databases with known vulnerabilities.
AWS, Azure, and GCP clouds support the Prisma Cloud integration with Tenable.
  1. Tenable.IO provides API access to assets and their vulnerability information. Configure the Tenable account to use the Tenable AWS, Azure, and GCP connectors. Without connectors, you cannot identify the cloud resource.
    Tthe Tenable API requires an access key and secret key in the header. Generate an access key and secret key per user on the Tenable.io app. (See Tenable documentation for information.) Also, make sure that the Tenable role that you use to enable this integration has administrator permissions thatinclude vulns-request-export and assets-request-export API access.
  2. Set up Tenable integration on Prisma Cloud.
    1. Select
      Settings
      Integrations
      .
    2. Set the
      Integration Type
      to
      Tenable
      .
    3. Enter an
      Integration Name
      and
      Description
      .
    4. Enter the
      Access Key
      and the
      Secret Key
      that are generated in Tenable.io.
      See Tenable documentation for information.
      tenable-add-integration-in-prisma-cloud.png
    5. Click
      Next
      and
      Test
      the integration.
  3. View vulnerabilities detected by Tenable in Prisma Cloud.
    1. After Prisma Cloud has access to the Tenable findings, you can use the following RQL queries for visibility into the host vulnerability information collected from Tenable.
      Config Query
      config where hostfinding.type = 'Host Vulnerability' AND hostfinding.source = 'Tenable' AND hostfinding.severity = 'high'
      tenable-hostfinding-config-query.png
      Select a resource to get information about vulnerabilities. Select
      Audit Trail
      to view the CVE numbers.
      tenable-audit-trail.png
      Network Query
      network where dest.resource IN ( resource where hostfinding.type = 'Host Vulnerability' )
      Click
      Host Findings
      to see details.
      tenable-host-findings-view.png

Related Documentation