Configuring the Scanner Connector

As an administrator, you can configure different types of scanners to scan security risks and vulnerabilities across your IT infrastructure. BMC Helix Automation Console currently supports Tenable.io as a Scanner Connector.  as other scanners will eventually be integrated with the Automation Console.

Tenable.io is a comprehensive vulnerability management solution that provides complete visibility of the security risks across your IT infrastructure. With this integration, you can retrieve the vulnerability scan results from multiple Tenable.io instances and process the vulnerabilities to map the remediation content. You can then create operations to remediate vulnerabilities. For BMC Helix Automation Console, you configure the connector from the UI using a Cloud Native User profile. This profile is created when you subscribe to the BMC Helix Automation Console service.

After you configure and run this connector, the scan files that contains the Tenable.io assets and vulnerabilities are automatically imported into Automation Console.

Before you begin

Make sure that the following prerequisites are met:

• One or more configured Tenable.io instances are running in your environment.
• The API keys are generated for your user account in Tenable.io. The connector uses these keys to authenticate Tenable.io APIs. For more information, see Generate API keys .
• Install and run the connector on Windows or Linux operating systems based on the following criteria:
  • AdoptOpenJDK Runtime Environment 11.0.19+7 is installed on the connector host.

  • Port requirements as below:

    Port	Protocol	From	To	Notes
    443	HTTPS	Connector	HAC SaaS and Internet	Outbound
    443	HTTPS	Connector	Tenable.io Server	Outbound
    443	HTTPS	Tenable.io Server	Connector	Inbound

    • Connector's Outbound port 443 should be opened for ifm url mentioned in creds.json available in <connectorDirectory>/config/ folder. e.g.

      "endpoints": {        "ifm": "https://<url>"
          }

Configuring the connector

1. From the BMC Helix Automation Console login page., select the Login Profile as Cloud Native User and login as a cloud user. 
2. From the  briefcase menu on the top right corner, click Connectors.
3. On the Manage Connectors page, click the  option on the Scanner Connector widget and click Edit > Add Configuration.
   
4. On the Add configuration page, provide the following details:
   1. In the Vendor section, select the required scanner from the list.
   2. In the Connector details section, specify a unique name and an optional description.

   3. (Optional) In the Admin Security Group field, specify one or more admin security groups (comma separated list) that can access the scan results.
      If you do not specify a security group, all the admin security groups can access the scan files that are imported from Tenable.io.

      Important

      (For TrueSight Server Automation and TrueSight Server Automation endpoints) Specify the name of the appropriate security group. If you specify a non-admin security group, Automation Console does not fetch any data from Tenable.io.

   4. In the Connector Configuration section, perform the following steps:
      1. 1. In the Endpoint URL field, specify the URL to connect to Tenable.io.

         2. In the Fetch Data From field, specify the number of days for which you want to fetch the scan results.

            Automation Console retrieves the vulnerability data for the specified days during the first import. If you do not specify any value, Automation Console retrieves all the reported vulnerabilities from the Tenable.io instances.

            For all the imports during the next schedule, Automation Console fetches only those vulnerabilities and assets that were scanned and available in Tenable.io after the last sync date.

   5. In the Authentication Details section, specify the access and secret keys to authenticate with the Tenable.io API.
   6. In the Filters section, provide values to fetch the specific scanned data:
      1. Select the required Severity levels.
      2. To fetch more precise data, enter the Network IP/Hostname/CIDR as comma separated values.
      3. Specify additional filters to fetch further detailed scanned data.
5. Click Save.
   The newly added configuration is listed in the Configurations table.
6. If you have multiple Tenable scanners in your environment, repeat steps 3 to 6 for each scanner.
7. In the Configuration Schedule section, specify a frequency at which you want to run the connector, and save the schedule.
8. Click Continue and download the connector zip file on a local host. 
9. From the connector location on the server where the connector file is downloaded and extracted, run the following command to install and start the connector: 
   • Windows: run.bat
   • Linux: run.sh

   You can view the connector status on the Connectors page.
   
   

Vulnerability scan files are created with the specified configuration names. Automation Console processes each configuration sequentially.

Updating the connector

1. On the Manage Connectors page, click the  option against the Scanner Connector widget, and click Disable.
2. Click Edit.
   The available configurations are displayed. To quickly locate the required configuration, search or sort the configurations by the various columns, such as Status and Vendor.
3. Click Save.
   
   

Enabling debug mode

1. Press CTRL+C twice to stop the connector, if its already running.

2. Go to <ConnectorLocation>/config, open the application.properties file, add the following parameter, and set it to debug.

   #
   #Logging related Properties
   logging.level.com.bmc.truesight.scannerconnector=debug

3. Save the file.
4. Restart the connector.

Troubleshooting

If you encounter any issues while fetching data from Tenable.io, the Connector tile on the Manage Connectors page displays the name of the configuration with error messages and the related exceptions are logged in the log file. For troubleshooting issues, see Troubleshooting connectors.