This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
dgoldhar
Employee Alumnus
Employee Alumnus
‎2020-04-22 11:36 PM
Jump to solution

New CloudGuard Dome9 integration support: Tenable.io

The option to integrate Tenable.io has now been added to the CloudGuard Dome9 Posture Management module. With this integration, you can correlate information from Tenable.io and Dome9, to identify the most critical vulnerabilities in your cloud environment.

It can also hel you remediate the risks for your cloud services, using the CloudBots technology, based on severity and reduction of attack surface.

You can include Tenable.io  details in enhanced GSL queries, to identify conditions such as the following:

  • what are the public facing instances with High/Mid or Low Severity CVE’s?

  • which web server workload has known CVEs?

  • which vulnerable workloads have we detected in our cloud environment in the last XX days?

Example GSL

Instance where isPublic=true should not have externalFindings.findings contain [ ( findingSource='Tenable.io ') ]

GSL-example.png

For more details, see here

1 Solution

Accepted Solutions
Guyshteinberg
Employee
Employee
‎2020-11-05 05:26 AM
In response to adamybsci
Jump to solution

Hello,

 

We utilize the export API as required by Tenable according to the following guidelines.

 

  1. Tenable documentation states that for integrations with third-party you should use the Tenable Export Apis (https://developer.tenable.com/docs/retrieve-vulnerability-data-from-tenableio)
  2. They also made sure that we use them before approving the integration

Tenable Export Apis require Admin permissions

Guyshteinberg_0-1604582568463.jpeg

 

Guyshteinberg_1-1604582568467.jpeg

 

Thanks,
Guy Shteinberg

View solution in original post

0 Kudos
3 Replies
adamybsci
Participant
‎2020-11-04 09:17 AM
Jump to solution

We are testing the Tenable integration however it states that the admin role is required on the Tenable side.  Is this necessary? Dome9 is only pulling CVE results from Tenable's cloud assets inventory so read-only should be sufficient.  It doesn't need to initiate a scan, etc. We like to know why Dome9 needs Tenable's admin role before we proceed with the testing.  Thanks.

 

0 Kudos
Guyshteinberg
Employee
Employee
‎2020-11-05 05:26 AM
In response to adamybsci
Jump to solution

Hello,

 

We utilize the export API as required by Tenable according to the following guidelines.

 

  1. Tenable documentation states that for integrations with third-party you should use the Tenable Export Apis (https://developer.tenable.com/docs/retrieve-vulnerability-data-from-tenableio)
  2. They also made sure that we use them before approving the integration

Tenable Export Apis require Admin permissions

Guyshteinberg_0-1604582568463.jpeg

 

Guyshteinberg_1-1604582568467.jpeg

 

Thanks,
Guy Shteinberg

0 Kudos
adamybsci
Participant
‎2021-01-27 02:29 PM
Jump to solution

We have yet to get our Tenable integration working in Dome9. I've been testing with a Windows 2016 AWS EC2 instance with 3rd party and OS vulnerabilities.  However still nothing shows up in the alerts as "tenable" source.

What are the requirements on the Tenable side that vulnerabilities are captured and matched with a cloud asset on Dome9?

0 Kudos
UPCOMING CLOUDMATES EVENTS
    All CloudMates Events