# Tenable.io (cloud)

The NetSPI Platform has a broad integration with Tenable.io.

Similar to our other integrations, the Tenable.io integration is read-only and does not perform actions to
configure systems or otherwise change anything about your Tenable.io system.

## Supported asset types

Thr Tenable.io integration provides the NetSPI Platform visibility into the following asset types:

- IPV4 Addresses
- Systems
- DNSRecord
- Vulnerabilities

## Data run frequency

The Tenable.io integration pulls data at minute 10 past every sixth hour (e.g., 12:10, 6:10, 12:10, etc.).

## Endpoints used

This integration needs access to the following API endpoints:

- [https://cloud.tenable.com/assets/export](https://cloud.tenable.com/assets/export)
- [https://cloud.tenable.com/workbenches/vulnerabilities/{}/outputs](https://cloud.tenable.com/workbenches/vulnerabilities/{}/outputs)

## Required permissions

This integration needs an API key with the following access permissions:

- Administrator

## Configuration steps

Use the section below for configuring Tenable to integrate with the NetSPI Platform.

### Step one: Tenable.io system configuration

1. Log in to the tenable.io platform with a user account that has the Administrator role applied, or create a
dedicated Administrator account within tenable.io for the NetSPI Platform.

2. Navigate to the User Profile icon in the upper right hand corner and select **My Account** to display the
My Account page.

   ![Tenable User Profile](/static/caasm/tenable_1.png "Tenable User Profile")

3. Select the API KEYS radio button on the left menu, and then select the **Generate** button in the lower right as
illustrated below.

   ![Tenable API Keys Screen](/static/caasm/tenable_2.png "Tenable API Keys Screen")

4. Copy the Access Key and Secret Key values as they cannot be revealed again.

   ![Tenable Access Key and Secret Screen](/static/caasm/tenable_3.png "Tenable Access Key and Secret Screen")

### Step two: NetSPI Platform CAASM configuration

Use the steps below to configure the Tenable.io integration within the NetSPI Platform.

1. Log into the NetSPI Platform as a Client Admin user.

2. Navigate to *Settings -> CAASM Integrations* to display the Integrations page.

   ![Platform Integrations page](/static/caasm/integrations/integrations_landing.png "Platform Integrations page")

3. Select the *Integration Library tab -> Integration Categories / Vulnerability Management (VM) ->
Tenable Vulnerability Management Integration*.

   ![Integration Library tab](/static/caasm/integrations/select_integration_tenable.png "Integration Library tab")

   This brings the Tenable Vulnerability Management integration card into focus.

   !!!Note
   You can also locate the integration card by:

      - Scrolling down the page on the *Integration Library* tab
      - Filter the integration options displayed by selecting any of the other left navigation choices besides
      *Integration Categories*, e.g., by *Modules* or *Integration Scopes* (cloud or on premise)
      - Enter the integration name in the Search integration bar
   !!!

4. Select the **Add** button on the Tenable Vulnerability Management Integration card to display the
Tenable Vulnerability Management integration configuration page.

   ![Tenable integration page](/static/caasm/integrations/integrations_tenable.png "Tenable integration page")

5. Select and enter values for the following fields.

   1. Select the integration type from the *Integration* drop-down list. In this case,
   *STenable Vulnerability Management Integration*, which is already selected by default.

   2. Select the integration scope from the *Scope* drop-down list. The Tenable integration can only run
   on a cloud scope, which was configured by NetSPI, and *Cloud* displays as the default value.

   3. Enter an integration name and description in the *Integration Name* and *Description* fields.

   4. Select the *Enabled* slider button to display as either on (blue) or off (light gray).

   5. In the *Tenable Vulnerability Management Parameters* field group, enter or select the following in the
   corresponding fields:

   | Field | Value |
   | ----- | ----- |
   | *Tenable Server IP or Hostname* | The Tenable server IP or hostname as configured in step 1 in the [Step one: Tenable.io system configuration](#step-one-tenableio-system-configuration) section above |
   | *Tenable API Token* and *Tenable Secret* | The Tenable API token and secret you created in step 3 and 4 in the [Step one: Tenable.io system configuration](#step-one-tenableio-system-configuration) section above |
   | *Include Terminated Assets* drop-down list | Select *Yes* or *No* to include terminated assets in the NetSPI Platform integration or not |
   | *Last Update Time* | Modify the *Last Update Time* value as appropriate. This value controls how much data to pull from Tenable based on the difference between the current time at next integration run and this value. |

6. Select **Create** to create the integration. The new integration now displays on the Applied Integrations tab
   with its statuses: current and last run, last run time, and status (enabled/disabled).