If you work with Tenable.sc and want to retrieve its data, such as vulnerabilities and vulnerable endpoints, JetPatch provides a Tenable.sc integration. JetPatch collects the data from Tenable.sc automatically via API calls.
Once the integration with Tenable.sc is established, you will see all Tenable.sc-related actions in JetPatch:
- Create a remediation plan based on Tenable.sc
- Download Tenable.sc Report per endpoint server
- Clear data derived from Tenable.sc
In addition, JetPatch will pull additional patch details, such as relevant CVEs and scores.
The vulnerabilities that JetPatch pulls belong to the patch families below:
- Red Hat Local Security Checks
- CentOS Local Security Checks
- Oracle Linux Local Security Checks
- Amazon Linux Local Security Checks
- SuSE Local Security Checks
- Windows - Microsoft Bulletins
Prerequisites
- JetPatch version 4.1.2.107+
- Communication to Tenable.sc server from the JetPatch application server must be allowed
- API Access of an admin user in Tenable.sc
Tenable.sc Operation Flow
There are two types of communication between the JetPatch application and Tenable.sc:
Full Scan
Provides full information about the endpoints that exist in Tenable.sc. This information consists of:
- Information on all endpoints in Tenable.sc that have more than 0 vulnerabilities
- For each endpoint, its patches.
The full scan runs once a week (configurable). Vulnerabilities that have been remediated will still be shown in JetPatch (as fixed), as if they were still detected in Tenable.sc.
This means that if all the vulnerabilities on a particular endpoint were mitigated and Tenable.sc reports zero vulnerabilities, this is updated only on a full scan.
It is possible to trigger a full scan manually by logging into the JetPatch console and then going to the following URL:
https://<JETPATCH_ADDRESS>/vmanage-server/rest/experimental/patch-governance/tenable.sc/full-scan
If a scan is already in progress (full or partial), JetPatch will return an error but will initiate a full scan after the current scan finishes.
Partial scan
Provides partial information about the endpoints that exist in Tenable.sc.
Once a day (configurable) JetPatch will pull only the new vulnerabilities (since the last partial or full scan) that were discovered on endpoints.
Note - JetPatch stores the last time each of the scans ended in the "configuration" table, in the 'tenable.sc.full.last.run' and 'tenable.sc.part.last.run' properties.
Tenable.sc Configuration in JetPatch
Enable Tenable.sc integration and add authentication properties:
tenable.sc.enabled=true
tenable.sc.key.api=
tenable.sc.key.secret=
tenable.sc.hostname=https://Your_Tenable_Server_IP_or_Hostname
Note - the properties above (key.api, key.secret, and hostname) are relevant for the user that will be used for the integration.
Enable proxy for communication:
tenable.sc.proxy.enabled=false
Note - If the property above is true, you need to add the host and port properties from the JetPatch proxy configuration. The username and password are optional.
To test, log into the JetPatch server and run the following command:
curl -X GET -H "User-Agent: Integration/1.0 (JetPatch; JetPatch; Build/1.0)" -H "x-apikey: accessKey={tenable.sc.key.api};secretKey={tenable.sc.key.secret}" {tenable.sc.hostname}/rest/pluginFamily
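A pre-flight check for the properties above, followed by the same test request with the API keys kept off the command line. This is an added example, not JetPatch's own code, and it also flags `tenable.sc.ssl.trustAll=true` from the advanced settings. Assumptions: the properties are available as key=value lines in a file whose path you supply, and all function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not JetPatch code). Assumption: the tenable.sc.* properties are
# available as key=value lines in a file whose path the caller passes in.

# prop FILE KEY -> value of KEY (last occurrence wins), whitespace-trimmed.
prop() {
  awk -v k="$2" '
    /^[ \t]*[#!]/ { next }
    { i = index($0, "="); if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
      if (key == k) v = val }
    END { print v }' "$1"
}

# check_tenable_props FILE -> one finding per line; returns 1 if there are any.
check_tenable_props() {
  local f=$1 bad=0
  [ "$(prop "$f" tenable.sc.enabled)" = "true" ] || { echo "tenable.sc.enabled is not true"; bad=1; }
  [ -n "$(prop "$f" tenable.sc.key.api)" ] || { echo "tenable.sc.key.api is empty"; bad=1; }
  [ -n "$(prop "$f" tenable.sc.key.secret)" ] || { echo "tenable.sc.key.secret is empty"; bad=1; }
  case $(prop "$f" tenable.sc.hostname) in
    https://?*) ;;
    *) echo "tenable.sc.hostname is not an https:// URL"; bad=1 ;;
  esac
  [ "$(prop "$f" tenable.sc.ssl.trustAll)" != "true" ] ||
    { echo "tenable.sc.ssl.trustAll=true: confirm self-signed trust is intended"; bad=1; }
  return "$bad"
}

# tenable_api_header FILE -> the x-apikey header line from the page's curl test.
tenable_api_header() {
  printf 'x-apikey: accessKey=%s;secretKey=%s\n' \
    "$(prop "$1" tenable.sc.key.api)" "$(prop "$1" tenable.sc.key.secret)"
}

# tenable_test_call FILE -> prints the HTTP status of the page's test request.
# The header is read from stdin (-H @-, curl 7.55.0+), so the keys never appear
# in the process argument list.
tenable_test_call() {
  tenable_api_header "$1" | curl -sS -o /dev/null -w '%{http_code}\n' \
    -H "User-Agent: Integration/1.0 (JetPatch; JetPatch; Build/1.0)" -H @- \
    "$(prop "$1" tenable.sc.hostname)/rest/pluginFamily"
}
```

Source the file, run `check_tenable_props <properties-file>`, and call `tenable_test_call <properties-file>` only once it reports no findings.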
Advanced Settings
There is no need to add the properties below unless there is a need to change them.
Data & Communication configuration
tenable.sc.pagesize=1000
tenable.sc.http.max_retries=5
Use self-signed certificate for the Tenable.sc instance
tenable.sc.ssl.trustAll=false
Scans Intervals
tenable.sc.job.initial.delay.sec=120
tenable.sc.full-scan-delay-days=7
tenable.sc.job.interval.sec=86400
General Vulnerability Scanner Properties
Please check the "General Configuration" section in the Vulnerability Scanners Integration article.
Create a Remediation Plan Based on Tenable.sc
Read more on How to create a Remediation Plan based on Tenable.sc here.
Download an Endpoint's Tenable.sc Report
Read more on how to configure and download an endpoint's Tenable.sc report here.
Clear Data derived from Tenable.sc
If you would like to remove Tenable.sc data follow the Clear Data instructions.