Seamlessly deploy patches from Endpoint Central for the vulnerabilities detected by Tenable Vulnerability Management (formerly Tenable.io)

The Endpoint Central - Tenable Vulnerability Management (formerly Tenable.io) integration aims at closing the gap between vulnerability detection and remediation(namely patch deployment). With this integration, IT admins can effortlessly deploy patches from the Endpoint Central console for the vulnerabilities detected by Tenable Vulnerability Management.

No more multiple dashboards, No more manual correlations between vulnerabilities and the relevant patches, the Endpoint Central - Tenable Vulnerability Management integration does all the work for you!

Steps to integrate Tenable Vulnerability Management (formerly Tenable.io) with Endpoint Central

Generate API keys in Tenable Vulnerability Management

• To generate Tenable Vulnerability Management API keys, you need to have Administrator access to Tenable Vulnerability Management.

Note: Administrators need at least "Can View" access control permission to import the vulnerability details from Tenable Vulnerability Management. Learn more

• If you have Administrator privileges, you can generate the required API keys by following this user-guide by Tenable Vulnerability Management.
• Once you click Generate, Tenable Vulnerability Management generates an Access key and Secret key.
• Store these keys in a secure location.

Configure API Settings in Endpoint Central

• Navigate to Admin > Integration > Threat scanner settings. Only users with Administrator privileges can configure the API Settings.
• Enter the Access key and the Secret key.
• Enable or Disable Asset export from ManageEngine to Tenable Vulnerability Management.

To post asset data, you need to have Administrator access to Tenable Vulnerability Management. Learn more.

• Configure the frequency at which you want the data sync to happen.
• Click on Save to enable the Integration.

Workflow

• After enabling the Integration, Endpoint Central will import the vulnerability details and the affected machine details from Tenable Vulnerability Management.
• Only the following plugin families are supported now,
  • Windows
  • Windows: Microsoft Bulletins
  • Databases
  • Misc
  • CentOS Local Security Checks
  • Debian Local Security Checks
  • Oracle Linux Local Security Checks
  • Red Hat Local Security Checks
  • Rocky Linux Local Security Checks
  • SUSE Local Security Checks
  • Ubuntu Local Security Checks
  • Amazon Linux Local Security Checks
• Identify the corresponding patch/fix for the respective vulnerabilities and remediate those vulnerabilities by installing the appropriate patch.

• Threats detected by Tenable, with the patch availability, will be listed under Tenable.io Threats. Users can also deploy patches for vulnerabilities from this view.

FAQs

1) Will the required patches be updated automatically by Tenable or do we need to configure Endpoint Central to extract the scan result?

The Tenable API details are required to be configured in the Endpoint Central console (one-time setup). Once the integration is set, the vulnerabilities scanned by Tenable would automatically be imported to the Endpoint Central console and the required patches will be mapped.

2) Do we need to perform scanning after patching or will the data be automatically updated to Tenable after Endpoint Central patches the vulnerabilities?

Once a Manual Deployment task is created in Endpoint Central and the patches are successfully deployed, a scan is required to be performed in Tenable (this can also be scheduled). This will update the latest scan results.

3) Do we need to install both the Tenable and Endpoint Central agents on the systems for a successful integration?

Yes, both the Tenable and Endpoint Central agents need to be installed on the systems. This ensures that the patches are automatically mapped to the vulnerabilities scanned by Tenable.

4) Can I integrate Endpoint Central with Nessus?

Since Nessus does not support APIs for integration, it is not possible to integrate it with Endpoint Central.

5) How would patches be deployed to mitigate the vulnerabilities, post-integration?

Upon successful integration, the details of the vulnerabilities scanned by Tenable can be imported to the Endpoint Central console. Patches can then be deployed for the required vulnerabilities by creating a Manual Deployment task. Patches would not be automatically deployed (via Automate Patch Deployment tasks) for the imported vulnerabilities.

6) How can I selectively integrate data from Tenable for a specific group of systems?

To import data for a specific group of systems, you can create an Access Group in Tenable containing only the assets data that you intend to import. Then, you can grant Can View permissions to the created Access Group. Subsequently, use the dedicated user API key for integrating with Endpoint Central.

7) Why are certain vulnerabilities marked as Not Available in terms of Patch Availability?

Patches for vulnerabilities detected by Tenable are mapped by comparing with the imported CVE information. Specifically, only patches supported by Endpoint Central will be associated with Tenable-detected vulnerabilities. Check the list of supported applications for reference. Note: Endpoint Central currently does not support patching user installed applications.

8) Why are the imported vulnerability details fewer than the data present in Tenable?

Only vulnerabilities associated with certain Tenable plugin families is imported. Additionally, vulnerability details are imported solely for systems accessible to or within the scope of the specific integrated user.