Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dgoldhar
Employee Alumnus
Employee Alumnus
Jump to solution

New CloudGuard Dome9 integration support: Tenable.io

The option to integrate Tenable.io has now been added to the CloudGuard Dome9 Posture Management module. With this integration, you can correlate information from Tenable.io and Dome9, to identify the most critical vulnerabilities in your cloud environment.

It can also hel you remediate the risks for your cloud services, using the CloudBots technology, based on severity and reduction of attack surface.

You can include Tenable.io  details in enhanced GSL queries, to identify conditions such as the following:

  • what are the public facing instances with High/Mid or Low Severity CVE’s?

  • which web server workload has known CVEs?

  • which vulnerable workloads have we detected in our cloud environment in the last XX days?

Example GSL

Instance where isPublic=true should not have externalFindings.findings contain [ ( findingSource='Tenable.io ') ]

GSL-example.png

For more details, see here

1 Solution

Accepted Solutions
Guyshteinberg
Employee
Employee

Hello,

 

We utilize the export API as required by Tenable according to the following guidelines.

 

  1. Tenable documentation states that for integrations with third-party you should use the Tenable Export Apis (https://developer.tenable.com/docs/retrieve-vulnerability-data-from-tenableio)
  2. They also made sure that we use them before approving the integration

Tenable Export Apis require Admin permissions

Guyshteinberg_0-1604582568463.jpeg

 

Guyshteinberg_1-1604582568467.jpeg

 

Thanks,
Guy Shteinberg

View solution in original post

0 Kudos
3 Replies
adamybsci
Participant

We are testing the Tenable integration however it states that the admin role is required on the Tenable side.  Is this necessary? Dome9 is only pulling CVE results from Tenable's cloud assets inventory so read-only should be sufficient.  It doesn't need to initiate a scan, etc. We like to know why Dome9 needs Tenable's admin role before we proceed with the testing.  Thanks.

 

0 Kudos
Guyshteinberg
Employee
Employee

Hello,

 

We utilize the export API as required by Tenable according to the following guidelines.

 

  1. Tenable documentation states that for integrations with third-party you should use the Tenable Export Apis (https://developer.tenable.com/docs/retrieve-vulnerability-data-from-tenableio)
  2. They also made sure that we use them before approving the integration

Tenable Export Apis require Admin permissions

Guyshteinberg_0-1604582568463.jpeg

 

Guyshteinberg_1-1604582568467.jpeg

 

Thanks,
Guy Shteinberg

0 Kudos
adamybsci
Participant

We have yet to get our Tenable integration working in Dome9. I've been testing with a Windows 2016 AWS EC2 instance with 3rd party and OS vulnerabilities.  However still nothing shows up in the alerts as "tenable" source.

What are the requirements on the Tenable side that vulnerabilities are captured and matched with a cloud asset on Dome9?

0 Kudos