Retrieves vulnerability data and associated metadata for assets from Tenable, including details like CVE identifiers, CVSS scores, descriptions, solution information, and affected systems.
Fill out the rest of the service account fields using your organization's usual process.
Set the Role to Scan Manager and click Finish.
Click the new service user and select API Keys on the left.
Copy the access key and secret key. You'll need them when you set up the Monad connector.
Details
Monad uses only the since filter on the API to determine which vulnerabilities to export. After every successful export, this field is updated to the time the last export was initiated. As per the Tenable documentation linked above: if you do not include the state filter in your request (which we do not), the export includes data for OPEN and REOPENED vulnerabilities that were seen on or after the since date you specify, and FIXED vulnerabilities that were fixed on or after the since date you specify. This means that if a vulnerability is updated in any way other than a change to its state, its updated data will not be included in the export.
Configuration
The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.
Settings
| Setting | Type | Required | Description |
| --- | --- | --- | --- |
| Backfill Start Time | string | No | The date to start fetching data from. If not specified, no past records will be fetched. |
Secrets
| Secret | Type | Required | Description |
| --- | --- | --- | --- |
| Access Key | string | Yes | Access Key for the Tenable API. This is required to authenticate requests. |
| Secret Key | string | Yes | Secret Key for the Tenable API. This is required to authenticate requests. |
OCSF Conversion
The following JQ transformation converts Tenable Vulnerability data to OCSF Version 1.0.0-rc.2 compliant format.
The JQ transformation converts Tenable Vulnerabilities to OCSF Version 1.0.0-rc.2 with the following key mappings:
Core Fields
Class UID: Set to 2002 (Vulnerability Finding)
Category UID: Set to 2 (Findings)
Type UID: Set to 200200 (Vulnerability Finding: Unknown)
Activity ID: Set to 0 (Unknown)
Time: Extracted from the scan's started_at field
  Strips milliseconds from the ISO timestamp
  Converts to Unix timestamp format
Severity ID: Maps directly from the vulnerability's severity_id
Finding Information
Title: Maps from the plugin's name
UID: Converts the plugin ID to string format
Last Seen Time: Converts last_found timestamp to Unix format
First Seen Time: Converts first_found timestamp to Unix format
Vulnerability Details
Description: Maps from plugin description
Name: Maps from plugin name
UID: Plugin ID in string format
CVSS Information:
  Version: Set to "3.0"
  Vector: Maps from raw CVSS3 vector
  Base Score: Maps from CVSS3 base score
Remediation: Maps solution information from plugin
Metadata
Version: Set to "1.0.0-rc.2"
Product:
  Vendor name: "Tenable"
  Name: "Nessus"
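The mappings listed above, written out as a jq program. This is an added example, not Monad's shipped transformation: the OCSF key names (finding_info, vulnerabilities, cvss.vector_string, remediation.desc and so on) are assumed from the labels in the list, the Tenable field paths are assumed from the vulnerability export record layout, and the sample record is constructed.

```jq
# Run offline with: jq -n -f tenable_to_ocsf.jq   (file name is arbitrary)
# OCSF key names below are assumptions based on the labels in the mapping list.

# ISO 8601 -> Unix seconds. fromdateiso8601 rejects fractional seconds,
# so ".123Z" is reduced to "Z" first; a missing timestamp stays null
# instead of aborting the whole record.
def to_unix:
  if type == "string"
  then sub("\\.[0-9]+Z$"; "Z") | fromdateiso8601
  else null end;

def to_ocsf:
  {
    class_uid: 2002, category_uid: 2, type_uid: 200200, activity_id: 0,
    time: (.scan.started_at | to_unix),
    severity_id: .severity_id,
    finding_info: {
      title: .plugin.name,
      uid: (.plugin.id | tostring),
      first_seen_time: (.first_found | to_unix),
      last_seen_time: (.last_found | to_unix)
    },
    vulnerabilities: [{
      desc: .plugin.description,
      title: .plugin.name,
      uid: (.plugin.id | tostring),
      cvss: {
        version: "3.0",
        vector_string: .plugin.cvss3_vector.raw,
        base_score: .plugin.cvss3_base_score
      },
      remediation: { desc: .plugin.solution }
    }],
    metadata: {
      version: "1.0.0-rc.2",
      product: { vendor_name: "Tenable", name: "Nessus" }
    }
  };

# Constructed sample record, not real scan output.
{
  severity_id: 3,
  first_found: "2024-01-10T08:15:30.123Z",
  last_found: "2024-02-01T09:00:00.456Z",
  scan: { started_at: "2024-02-01T08:55:12.789Z" },
  plugin: {
    id: 999999, name: "Constructed example plugin",
    description: "Constructed description.", solution: "Constructed solution text.",
    cvss3_base_score: 7.5,
    cvss3_vector: { raw: "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }
  }
} | to_ocsf
```

To apply the mapping to real export records instead of the sample, replace the final expression with a bare to_ocsf and pipe the records into jq.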
Customization
The transformation serves as a starting point and can be modified to accommodate specific requirements while maintaining OCSF compliance.
The mapping prioritizes essential asset information and cloud provider detection while providing fallback values for optional fields.