Tenable Cloud Vulnerability Scanners in Graylog

The following article exclusively pertains to a Graylog Security feature or functionality. Graylog Security is a part of the Graylog centralized log management platform and requires a separate license. Contact the Graylog Sales team for more information on this product.

Tenable Cloud is a security scanner that can identify vulnerabilities in devices, applications, operating systems, and other network or cloud resources. Tenable Cloud uses a combination of algorithms to assess threats, then assigns a vulnerability risk score based on the Common Vulnerability Scoring System (CVSS).

Use this integration to connect Graylog to Tenable Cloud as a vulnerability data source. Graylog retrieves scan results and vulnerability findings from the Tenable Cloud API and associates them with the relevant machine assets in Graylog. Choose this integration when your Tenable API endpoint is *.cloud.tenable.com.

Hint: To configure a connection between Graylog and Tenable Cloud, you need to ensure you have established a trusted relationship. Be certain you understand the certificate requirements. See Certificates and Certificate Authorities in the Tenable Cloud documentation for details.

You can create a Tenable Cloud scanner integration in Graylog with either a paid or free version of Tenable Cloud. When you add a scanner following the directions below, you need the API URL for your Tenable Cloud instance as well as your access key and secret key to create a connection in Graylog. See the Tenable Cloud documentation for information about creating your API keys.

Add a Tenable Cloud Scanner

To add a Tenable Cloud scanner:

  1. On the Assets page in the Security user interface, select the Vulnerability Scanners tab.

  2. Click Add Scanner, then choose Tenable Cloud from the menu.

  3. Fill in the connection details and other information for the scanner:

    • Title: Give the scanner a unique, meaningful name.

    • Description (optional): Provide detail about the purpose of this scanner. Although this field is optional, consider adding information here, particularly if you create multiple Tenable Cloud scanners.

    • Enabled/Disabled Sync (optional): Toggle this setting to Enabled to automatically import scan data on a specified interval.

    • Sync Interval in Hours (optional): If you enable sync, you can set how frequently to run a new import of scan data to update vulnerability information on your Graylog assets. The default setting is 24 hours (once per day).

    Hint: The fields below require information from your Tenable Cloud environment. See the Tenable Cloud documentation for complete information.

    • API URL: Enter the URL to connect to your Tenable Cloud instance.

    • Access Key: Enter the access key to authenticate with the Tenable Cloud API.

    • Secret Key: Enter the secret key to authenticate with the Tenable Cloud API.

    After you provide the connection information, Graylog tests the connection. The result of the test displays at the bottom of the dialog. When you connect successfully, the Folders field becomes available.

  4. (Optional) Use the Folders field if you want to limit or filter the data for this scanner instance. Folders available here are based on any folder structure you have created in your Tenable Cloud environment.

  5. Click Add Scanner to add the scanner.

New scanners are added to the list on the Vulnerability Scanners tab of the Assets page.
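
Because the access key and secret key are sent to whatever host is entered in the API URL field, it is worth checking that value before saving the scanner. The following is an added example, not part of Graylog or Tenable; the function name, the sample URLs, and the choice to accept the bare host cloud.tenable.com alongside the *.cloud.tenable.com pattern are assumptions.

```python
from urllib.parse import urlsplit

# Suffix taken from the "*.cloud.tenable.com" rule stated on this page.
TENABLE_CLOUD_SUFFIX = "cloud.tenable.com"


def check_api_url(api_url, allow_bare_host=True):
    """Return a list of problems with api_url; an empty list means it passed.

    allow_bare_host (assumption): also accept the host "cloud.tenable.com"
    itself, not only its subdomains.
    """
    try:
        parts = urlsplit(api_url.strip())
    except ValueError as exc:
        return [f"not a parseable URL: {exc}"]

    problems = []
    if parts.scheme != "https":
        problems.append("scheme must be https so the keys are not sent in clear text")
    if parts.username is not None or parts.password is not None:
        # "https://cloud.tenable.com@other.host/" connects to other.host.
        problems.append("URL must not embed credentials (user@host form)")

    # hostname is already lower-cased; drop a trailing root dot before comparing.
    host = (parts.hostname or "").rstrip(".")
    # Compare on a label boundary: a plain endswith(SUFFIX) would also accept
    # "notcloud.tenable.com".
    is_subdomain = host.endswith("." + TENABLE_CLOUD_SUFFIX)
    is_bare = allow_bare_host and host == TENABLE_CLOUD_SUFFIX
    if not (is_subdomain or is_bare):
        problems.append(f"host {host!r} is not under {TENABLE_CLOUD_SUFFIX}")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real endpoints from any environment.
    samples = [
        "https://cloud.tenable.com",
        "http://cloud.tenable.com",
        "https://notcloud.tenable.com",
        "https://cloud.tenable.com.evil.example",
        "https://cloud.tenable.com@evil.example/",
    ]
    for url in samples:
        result = check_api_url(url)
        print(url, "->", "ok" if not result else "; ".join(result))
```
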

Import Vulnerability Scans

You have two methods for importing new vulnerability scan data: automatic sync and manual import. With either method, new imports completely replace previous information so all existing vulnerabilities are updated, as appropriate, and any new information is added.

Import Sync

You enable the automatic sync option with the Enabled Sync setting when you define the scanner. You can also use the toggle on the table view under Enable Periodical Imports.

When the sync option is enabled, new vulnerability data is imported according to the sync interval you set.

Manual Import

To manually import scan data:

  1. Click a scanner to view its detail page.

  2. Click Import Vulnerabilities.

  3. Click Import on the dialog box to confirm.
