×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Helix Automation Console Managing connectors

Configuring the Tenable.sc connector

This topic was edited by a BMC Contributor and has not been approved.  More information.

As an administrator, you can configure the Tenable.sc connector to integrate Automation Console with Tenable.sc. Tenable.sc is a comprehensive vulnerability management solution that provides complete visibility of the security risks across your IT infrastructure. With this integration, Automation Console can retrieve the vulnerability scan results from multiple Tenable.sc instances and process the vulnerabilities to map the remediation content. You can then create operations to remediate vulnerabilities. For BMC Helix Automation Console, you configure the connector from the UI using a Cloud Native User profile. This profile is created when you subscribe to the BMC Helix Automation Console service.

After you configure and run this connector, the scan files containing the Tenable.sc assets and vulnerabilities are automatically imported into Automation Console.

Before you begin

Make sure that the following prerequisites are met:

  • One or more configured Tenable.sc instances are running in your environment.
  • The API keys are generated for your user account in Tenable.sc. The connector uses these keys to authenticate Tenable.sc APIs. For more information, see Generate API keys. Open link
  • Before running the connector, ensure that the connector is installed and run on Windows or Linux operating systems that match the following criteria:
    • AdoptOpenJDK Runtime Environment 18.9 (build 11.0.19+7) is installed on the connector host.

    • Port requirements as below -

      Port

      Protocol

      From

      To

      Notes

      443

      HTTPS

      Connector

      HAC SaaS and Internet

      Outbound

      443

      HTTPS

      Connector

      Tenable.sc Server

      Outbound

      443

      HTTPS

      Tenable.sc Server 

      Connector

      Inbound

      • Connector's Outbound port 443 should be opened for ifm url mentioned in creds.json available in <connectorDirectory>/config/ folder. e.g.

        "endpoints": {        "ifm": "https://<url>"
            }

Configuring the connector

To configure the connector, do these steps: 

  1. Go to BMC Helix Automation Console login page.
  2. Select the Login Profile as Cloud Native User and provide the credentials to login as a cloud user. 
  3. Go to the briefcase menu on the top right, and click Connectors.
    1. On the Manage Connectors page, click the  option against the Tenable.sc Connector and click Edit Add Configuration.
    2. On the Add configuration page, provide the following details:
      1. In the Connector details section, specify a unique name and an optional description for configuration.
      2. In the Tenable Configuration section, do the following:
        1. In the Endpoint URL field, specify the URL to connect to Tenable.sc.

        2. (optional) In the Admin Security Group field, specify one or more admin security groups (comma separated list) that can access the scan results. If no security group is specified, all the admin security groups can access the scan files imported from Tenable.sc.

          Important

          If you have both TrueSight Server Automation and TrueSight Network Automation endpoints, specify the name of the appropriate security group. If you specify a non-admin security group, Automation Console does not fetch any data from Tenable.sc.

        3. In the Fetch Data From field, specify the number of days for which you want to fetch the scan results.

          Automation Console retrieves the vulnerability data for the specified days during the first import. If you do not specify any value, Automation Console retrieves all the reported vulnerabilities from the Tenable.sc instances.

          For all the imports during the next schedules, Automation Console fetches only those vulnerabilities and assets that were scanned and available in Tenable.sc after the last sync date.

    3. In the Authentication Details section, specify the access and secret keys to authenticate with the Tenable.sc API.

    4. In the Tenable Query ID field, provide the ID that you generated in the Tenable scanner to filter data. You can also specify the Tenable queries along with the ID (comma separated values). For example, the query Type = Vulnerability and Tool = Vulnerability List. We recommend creating a separate configuration for each query ID.
      For more information, see  Queries Open link

    5. (optional) If the Tenable.sc server is configured to use the SSL certificate authentication, provide the certificate name (.pfx only) and the certificate export password in the Client Certificate Authentication Details section. 


      Ensure that the certificate is present at the following location:

      <connector_directory>\certs

      The connector checks this location for the certificate while communicating with the Tenable.sc server.
    6. Save the changes.
    7. The newly added configuration is listed in the Configurations table.
    8. If you have multiple Tenable scanners in your environment, repeat steps 3 to 7.
    9. Click Continue and download the connector zip file on a local host. 
    10. On the server where the connector file is downloaded and extracted, go to the connector location, and run the following command to install and start the connector: 
      • Windows: run.bat
      • Linux: run.sh

      The connector starts running successfully. You can view the connector status on the Connectors page.

    11. In the Configuration Schedule section, specify a frequency at which you want to run the connector, and save the schedule.

      Minimum duration for data collection between the consecutive schedules is 10 minutes.

Vulnerability scan files are created with the specified configuration names. Automation Console processes each configuration sequentially.

Updating the connector

To make changes to the connector, do the following:

  1. On the Manage Connectors page, click the option against the Tenable.sc connector and click Disable.
  2. Click Edit. The available Tenable.sc configurations are displayed. To quickly locate the required configuration, use search or sort the configurations by the various columns, such as Status and Queryid.
  3. Make the changes based on your requirement and click Save.

Enabling debug mode

BMC recommends that you do not modify any other configuration files available in the /config directory. However, you can enable the debug mode on the connector to obtain detailed logging information.

Do this:

  1. Press CTRL+C twice to stop the connector, if its already running

  2. Go to <ConnectorLocation>/config, open the application.properties file, add the following parameter and set it to debug, save the file

    #
#Logging related Properties
logging.level.com.bmc.truesight.tenableconnector=debug
  3. Restart the connector.


Troubleshooting

If you encounter any issues while fetching data from Tenable.sc, the Connector tile on the Manage Connectors page shows the name of the configuration with error and the related exceptions are logged in the log file. For the troubleshooting the issues, see Troubleshooting connectors.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Sonal Rajapurkar on Aug 17, 2023
contributor_unapproved tenable

Comments

Log in or register to comment.

Configuring the TrueSight Network Automation connector
Configuring the Scanner Connector
© Copyright 2019 - 2022 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.