Import CVEs from Tenable.io Integration

Integrate your Tenable.io Vulnerability Management cloud software account so you can import CVEs to Threat Command.

In addition to importing CVEs, you can enable the import of host information (host name, IP address, and last scan date). This data, which gives a better understanding of which assets are affected by each CVE, is displayed in the Affected Assets tab for each imported CVE.

Before you begin, ensure that you have the Tenable.io access key and secret key.

Import CVEs from Tenable.io to Threat Command

Import CVEs so you can manage them in Threat Command. CVEs from 30 days back are imported.

To import CVEs:

  1. From Threat Command, select Automation > Integrations.
  2. From the Integrations  window, click Cloud. temporary placeholder
  3. Click Add new device.
  4. Type a user-defined name for the device.
    The name can contain a maximum of 50 letters, spaces, numbers, and underscores.
  5. For the Device type, select Tenable.io.
  6. Type the Access Key and Secret Key for the Tenable.io account.
  7. (Optional) To enable the display of host information, select Enable collection of host information.
  8. It is recommended to click Test Credentials to ensure that the credentials are valid.
    If the credentials are not valid, a message is displayed.
  9. Click Add.

The new device is added to the cloud integrations device list. Next to the device name, there is a red dot, indicating that communication has not yet been established. The dot will change to green when the device is synchronized.

Integration credentials are checked periodically. An email message will be sent to the administrator if credentials have expired.

Edit Tenable.io integration

You can edit the Tenable.io connection credentials.

To edit a connection:

  1. From the Threat Command main menu, select Automation > Integrations.
  2. From the Integrations  window, click Cloud.
  3. Select the integration to update.
    The integration details are displayed.
  4. (Optional) You can enable or disable the collection of host information.
  5. Make necessary corrections, then click Test Credentials.
    If the credentials are not valid, a message is displayed.
  6. Click Save.