Create a Tenable connector

This task explains how to configure the Tenable connector in Cisco Security Cloud. After you configure the connector, you must also configure an adapter to receive the dynamic object.

Before you begin

We support Tenable Vulnerability Management only. We do not support Tenable Security Center.

Required User Role:

  • Super Admin

Procedure

Step 1

Log in to Cisco Security Cloud.

Step 2

Click Firewall.

Step 3

Click Administration > Dynamic Attributes Connector > Connectors.

Step 4

Do any of the following:

  • Add a new connector: click Add icon (add icon), then click the name of the connector.

  • Edit a connector: click Edit icon (edit icon).

  • Delete a connector: click Delete icon (delete icon).

Step 5

Enter the following information.

Value

Description

Name

(Required.) Enter a name to uniquely identify this connector.

Description

Optional description.

Pull Interval

(Default 21600 seconds or six hours.) Interval at which IP mappings are retrieved from Tenable.

We recommend a minimum value of 3600 seconds (one hour) to avoid issues with Tenable rate limiting.

Integration Key

Enter the API key you got in Get the Tenable API key and secret.

Secret Key

Enter the secret key obtained in Get the Tenable API key and secret.

Dynamic Object Name

Enter a name to identify the dynamic object created by this connector.

Severity Score

Click the minimum vulnerability severity level for the dynamic attributes connector to send IP addresses to the Cloud-Delivered Firewall Management Center. (For example, if you click high, IP addresses of hosts with either high or severe vulnerabilities are sent.)

Choices:

  • severe

  • high

  • medium

  • low

Severity System

Choices:

  • VPR: (Vulnerability priority rating.) Proprietary Tenable vulnerability rating that dynamically scores threats.

    VPR values range from 0.1-10.0, with a higher value representing a higher likelihood of exploit:

    • VPR severe is 9.0 and greater

    • VPR high is 7.0 and greater

    • VPR severe is 4.0 and greater

    • VPR low is 0.1 and greater

  • CVSSv3: (Common vulnerability scoring system version 3.) Industry-standard system that retrieves values from the national vulnerability database to describe risk associated with vulnerabilities. CVSS scores power a vulnerability's severity and risk value.

For more information, see CVSS vs. VPR.

Step 6

Click Test. Save the connector only after the test succeeds.

Step 7

Click Save.

Step 8

Make sure Ok is displayed in the Status column.

What to do next

See Create an adapter.