Tenable.sc
The Tenable integration compares CVE tags from sources in ThreatConnect and matches them against Tenable scan results. Any matching unpatched vulnerabilities found within Tenable are associated with relevant intel in ThreatConnect. Additionally, tasks can be automatically created to notify users about the matching vulnerabilities, with the details needed for further action.
- Discover new threats by continuously scanning for indicators in assets using dynamically created watchlists in Tenable.
- Take action in Tenable to audit for vulnerabilities in assets exploited by threats triggered in ThreatConnect.
- The ThreatConnect Tenable app communicates with Tenable via an API, pulls the reports, and maps them into ThreatConnect. The fields being mapped are File, Host, and URL.
- The API returns the indicator's details if it has been observed in Tenable.
- Playbooks make it easy to automate and customize ingestion using the Tenable API, by defining which groups/devices [Company Name] wishes to bring in and how often they want to ingest the reports.
- Another potential optimization is configuring the Tenable scans into external/NET-facing groupings. This will make report ingestion simpler and more dynamic over time.
This listing can be found in the ThreatConnect App Catalog under the name: Tenable.sc