Tenable.io Vulnerability Management Integration

Tenable.io Vulnerability Management is a cloud-based vulnerability management platform built on advanced Nessus Vulnerability Assessment technology by Tenable Network Security. It consolidates and evaluates vulnerability data across your organization, while prioritizing security risks and providing a clear view of your security posture. Built on Nessus technology, Tenable.io discovers unknown assets that can be cataloged as part of your asset inventory.

The integration of Tenable.io with the Archer IT & Security Vulnerabilities Program use case enables customers to leverage the discovered devices and catalog those network devices with the vulnerability library. With Archer, clients can then identify which assets require remediation based on the business priority of that asset.

This offering is provided through the Archer Exchange to enhance your existing Archer implementation. The Archer Exchange provides offerings to expand the use of Archer solutions into new business processes and address specific industry, geographic, regulatory, or technical requirements.

Release history

| Last updated | Update type | Summary |
|---|---|---|
| April 2025 | Initial Release | Initial release available: Archer on-premises clients on Archer Platform version 2024.11 and later; Archer SaaS clients |

Overview

The Tenable.io Vulnerability Management integration with Archer enables organizations to do the following:

  • Supplement the Vulnerability Library application with plugin content, which includes extensive CVE coverage.

  • Discover and catalog assets, including unauthorized assets.

  • Capture network vulnerabilities using scanning technologies.

  • Gain quick visibility to assess risk posture on critical infrastructure devices.

  • Validate vulnerabilities inside Archer once scanners no longer detect vulnerabilities.

  • Identify which vulnerabilities to fix first with automated prioritization that combines vulnerability data, threat intelligence, and data science.

Important: If your integration extracts large amounts of data, execution of the JavaScript code can take multiple hours. To avoid a timeout of the session token, the Archer Services Parameter must be extended. The Archer Services account timeout parameter is currently set to 30 minutes by default. If the JavaScript code has not completed in the allotted time, the data feed will fail.

Prerequisites (ODA and system requirements)

| Components | Prerequisites |
|---|---|
| Archer Solution Area(s) | IT & Security Risk Management |
| Archer Use Case(s) | IT Security Vulnerabilities Program; Enterprise Catalog |
| Archer Applications | Devices; Vulnerability Library; Vulnerability Scan Results |
| Uses Custom Objects | No |
| Requires Archer On-Demand Application (ODA) License | This offering requires zero (0) Archer On-Demand Applications. |
| Archer Requirements | Archer Platform Release 2024.11 and later |
| Supported Archer Environments | On-Premise; Archer SaaS |
| Partner/Vendor Requirements | Valid Tenable.io license is required. Additional fees may apply. |

Related Applications

| Application | Use Case | Primary Purpose(s) of the Relationship |
|---|---|---|
| Vulnerability Library | IT Security Vulnerabilities Program (IT Security & Risk Management) | The Vulnerability Library application represents a catalog of vulnerability data collected from the National Vulnerability Database (NVD)/National Institute of Standards and Technology (NIST). The Vulnerability Library is updated each week or month by data feeds, depending on the source. |
| Vulnerability Scan Results | IT Security Vulnerabilities Program (IT Security & Risk Management) | The Vulnerability Scan Results application stores the issues from every new record created by the vulnerability scanner, including details such as device name, IP, owner, department, description, notes, and recommendations. These records contain the technical recommendation for each scan result and allow for reporting on the total number of issues, regardless of which system detects them. |
| Vulnerability Reference Lists | IT Security Vulnerabilities Program (IT Security & Risk Management) | The Vulnerability Reference Lists application provides a repository of public vulnerability references collected from the National Vulnerability Database (NVD)/National Institute of Standards and Technology (NIST). The application provides a list of entries, each containing a vulnerability identification number, a type, and a public reference for known cybersecurity vulnerabilities. The URL found in the application contains a list of public references detailing information about the vulnerability, such as a description, consequences of the vulnerability, and potential mitigation strategies. |
| Devices | IT Asset Catalog | The Devices application serves as a central repository of knowledge about your business-critical devices and their business criticality. It allows organizations to manage devices (such as servers, desktops, and network devices) and their relationships, to ensure they are being protected according to management expectations. |

Impacted use case

The following Archer use case is impacted: IT Security Vulnerabilities Program

Additional Resources

The following additional resources are available for this offering:

Architecture Diagram

The following diagram shows the relationships between the applications that make up the Tenable.io Vulnerability Management integration.

[Architecture diagram]

Security Considerations

The information in this publication is provided “as is”. Archer makes no representations or warranties of any kind with respect to the information in this publication and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Client is solely responsible for ensuring that the installation of the application is performed in a secure manner. Archer recommends clients perform a full security evaluation prior to implementation.

Installation Overview

Complete the following tasks to install the offering.

Step 1: Prepare for the Installation

  1. Ensure that your Archer system meets the following requirements:

    • Archer Platform version 2024.11.

  2. Read and understand "Packaging Data" in the Archer Platform Help.

Step 2: Install the Package

Installing a package requires that you import the package file, map the objects in the package to objects in the target instance, and then install the package.

Task 1: Back Up Your Database

There is no Undo function for a package installation. Packaging is a powerful feature that can make significant changes to an instance. Back up the instance database before installing a package. This process enables a full restoration if necessary.

An alternate method for undoing a package installation is to create a package of the affected objects in the target instance before installing the new package. This package provides a snapshot of the instance before the new package is installed, which can be used to help undo the changes made by the package installation. New objects created by the package installation must be manually deleted.

Task 2: Import the Package

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, click Import.
  3. Click Add New, then locate and select the package file that you want to import.
  4. Click OK.

    The package file is displayed in the Available Packages section and is ready for installation.

Task 3: Map Objects in the Package

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, locate the package you want to map.
  3. In the Actions column, click Map package for that package.

    The analyzer examines the information in the package. The analyzer automatically matches the system IDs of the objects in the package with the objects in the target instance and identifies objects from the package that are successfully mapped to objects in the target instance, objects that are new or exist but are not mapped, and objects that do not exist (the object is in the target but not in the source).

    When the analyzer is complete, the Advanced Package Mapping page lists the objects in the package file and corresponding objects in the target instance.

  4. On the Advanced Mapping page, click to open each category and review the icons next to each object to determine which objects you must map manually.
    The following table describes the icons.

    | Icon | Name | Description |
    |---|---|---|
    | [Awaiting mapping review icon] | Awaiting Mapping Review | Indicates that the system could not automatically match the object or one of its children to a corresponding object in the target instance. Objects marked with this icon must be mapped manually. New objects should not be mapped. Select Do Not Map from the drop-down menu to clear this icon for an individual object, or click Do Not Map to clear the icon for all unmapped objects. |
    | [Mapping completed icon] | Mapping Completed | Indicates that the object and all children are mapped to objects in the target instance, or that they have been marked as Do Not Map. Nothing more needs to be done with these objects in Advanced Package Mapping. |

    Note: You can run the mapping process without mapping all objects. The Awaiting mapping review icon is for informational purposes only.

  5. For objects awaiting mapping review, do one of the following:
    • To map each object individually, use the drop-down menu in the Target column to select the object in the target instance to which you want to map the source object. To leave an object unmapped, select Do Not Map in the Target column.
    • To automatically map all objects in a category that have different system IDs but the same object name as an object in the target instance, click Auto Map. Select whether to ignore case and spaces when matching object names. Click OK.
    • To mark all unmapped objects as Do Not Map, click Do Not Map.
  6. (Optional) Click Filter to enable filter fields that you can use to find specific objects in each mapping category. To undo your mapping selections, click Undo, then select whether to undo all mappings in the category or only the mappings on a single page. If you choose to undo all mappings, you will be returned to the categories list.

  7. (Optional) To save your mapping selections and return to the categories list without committing changes to the target instance, click Save.
  8. After you review and map all objects, click Execute.
  9. Select I understand the implications of performing this operation. Click OK.

    When the mapping is complete, the Import and Install Packages page displays.

    Important: Advanced Package Mapping modifies the system IDs in the target instance. You must update any Data Feeds and Web Service APIs that use these objects with the new system IDs.

Task 4: Install the Package

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Available Packages section, locate the package file that you want to install, and click the file name or Import at end of the row to open the Options menu.
  3. In the Selected Components section, click the Lookup button to open the Package Selector window.
    • To select all components, select the top-level checkbox.
    • To install only specific global reports in an already installed application, select the checkbox associated with each report that you want to install.

    Note: Items in the package that do not match an existing item in the target instance are selected by default.

  4. Under the Translation Option drop-down menu, select an option for each selected component. To use the same Translation Option for all selected components, select a method from the top-level drop-down list.
    Note: The Translation Option is enabled only when a language is selected.
    The following table describes the options.

    | Option | Description |
    |---|---|
    | Full Install | Installs the component and its translations from the selected languages. |
    | Translations Only | Only installs the translations from the selected languages. |

  5. Under the Install Method drop-down menu, select an option for each selected component. To use the same Install Method for all selected components, select a method from the top-level drop-down list.
    The following table describes the options.

    | Option | Description |
    |---|---|
    | Create New Only | Only creates new fields and other elements in the applications, questionnaires, workspaces, data feeds, and dashboards specified in the package file. This option does not modify any existing elements on your instance of Archer. This is useful when you want to add functionality to an existing application, questionnaire, workspace, dashboard, data feed, or access role, but you do not want to risk making any unwanted changes to the existing elements of workspaces, data feeds, or dashboards. iViews that are not currently on the dashboards that are selected for the package install are created. Note: The Create New Only option does not apply to access roles or languages. |
    | Create New and Update | Updates all elements in the applications, questionnaires, workspaces, data feeds, and dashboards as specified in the package file. This includes adding new elements and updating existing elements. Existing iViews on the dashboards that are selected for the package install are updated, and iViews that are not currently on the dashboards that are selected for the package install are created. Note: The Create New and Update option does not apply to access roles or languages. |

  6. Under the Install Option drop-down menu, select an option for each selected component. To use the same Install Option for all selected components, select an option from the top-level drop-down list.
    The following table describes the options.

    | Option | Description |
    |---|---|
    | Do not Override Layout | Installs the component, but does not change the existing layout. This is useful if you have a lot of custom fields and formatting in your layout that you do not want to risk losing. You may have to modify the layout after installing the package to use the changes made by the package. Note: The Do not Override Layout option does not apply to access roles or languages. |
    | Override Layout | Updates the layout as specified in the package file, overwriting the existing layout. Note: The Override Layout option does not apply to access roles or languages. |

  7. Click Continue to advance to the next object category in the Package Selector, and repeat steps 4 to 6. After reviewing all object categories, click OK.
  8. To deactivate target fields and data-driven events that are not in the package, in the Post-Install Actions section, select the Deactivate target fields and data-driven events that are not in the package checkbox. To rename the deactivated target fields and data-driven events with a user-defined prefix, select Apply a prefix to all deactivated objects, and enter a prefix. This can help you identify any fields or data-driven events that you may want to review for cleanup post-install.
  9. Click Install.
  10. Click OK.

All objects from the source instance are installed in the target instance unless the object cannot be found or is flagged to not be installed in the target instance. The Log Messages section provides a list of conditions that may cause objects not to be installed. The Package Installation Log section displays a log entry.

Task 5: Review the Package Installation Log

  1. From the menu bar, click Admin menu > Application Builder > Install Packages.

  2. In the Package Installation Log section, click the package that you want to view.
  3. In the Package Installation Log page, in the Object Details section, click View All Errors.

    Note: To view individual logs, in the Errors column of the log you want to view, click the Failures link or Warnings link. Clicking View All Errors, Failures, or Warnings opens the specific errors on a different page.

  4. Click the Export icon to export the log file.
  5. Click Close.

For a list of packaging installation log messages and remediation information for common messages, see Package Installation Log Messages.

Data Feed Configuration

Data Feeds

Tenable.io provides a REST API that lets you script interactions directly with the Tenable.io server. With the Archer JavaScript Transporter, clients can authenticate to the server and make multiple, dependent API calls, extracting large amounts of data in a single data feed.

The following data feeds are provided with this integration:

| Data Feed | Description |
|---|---|
| Tenable.io Plugins 2024.11 | The Tenable.io Plugins Archer 2024.11 feed is a JavaScript Transporter feed that utilizes API calls to extract all requested plugin definitions. Tenable.io data is imported and leveraged in the Vulnerability Library application. |
| Tenable.io Assets Generate 2024.11 | The Tenable.io Assets Generate 2024.11 feed is a JavaScript Transporter feed that initiates the Tenable.io Assets Export job through the API requests. Archer offers configurable settings that allow individual clients to define how to uniquely identify devices in their organization. The feed does not insert/update any records in Archer. |
| Tenable.io Assets Ingest 2024.11 | The Tenable.io Assets Ingest 2024.11 feed utilizes API calls to extract all the asset inventory discovered based on a client’s scanner configuration and implementation set in the Tenable.io Assets Generate 2024.11 feed. Tenable.io Assets are imported and leveraged in the Devices application. |
| Tenable.io Vulnerability Generate 2024.11 | The Tenable.io Vulnerability Generate 2024.11 feed is a JavaScript Transporter feed that utilizes API calls to extract the vulnerabilities detected on each asset. For data ingestion, Archer offers configurable settings that allow individual clients to filter vulnerabilities. The feed does not insert/update any records in Archer. |
| Tenable.io Vulnerability Ingest 2024.11 | The Tenable.io Vulnerability Ingest 2024.11 feed utilizes API calls to extract the vulnerabilities detected on each asset based on the configurations set in the Tenable.io Vulnerability Generate 2024.11. Tenable.io vulnerabilities are imported and leveraged in the Vulnerability Scan Results application. |

Important: You must install all package files before importing data feeds. Package files include the IT Security Vulnerabilities Program use case package, the Enterprise Catalog package, and the Issues Management prerequisite use case package. For more information, see the “Installing the Packages” section of the IT Security Vulnerabilities Program use case in the Archer Online Documentation.

Note: The Tenable.io data feeds depend on the Tenable.io API response data volume, and their execution might take longer than the session timeout set for the Archer Services Parameter account. The data feed might then fail with 'Invalid session token'. In this case, increase the session timeout of the Archer Services Parameter. For details, refer to the following article in the Archer Community: https://www.archerirm.community/s/article/Failure-of-Long-Running-Jobs-for-Data-Imports-or-Content-Deletion-in-Archer

Import and run the data feeds in the following order:

  1. (Optional) NVD Data Feeds
    Note: For information on setting up the NVD data feeds, see the NIST National Vulnerability Database (NVD) Data Feeds for Archer IT Security Vulnerability Program Implementation Guide in the Archer Help Center.

  2. Tenable.io Assets Generate 2024.11

  3. Tenable.io Assets Ingest 2024.11

  4. Tenable.io Plugins 2024.11

  5. Tenable.io Vulnerability Generate 2024.11

  6. Tenable.io Vulnerability Ingest 2024.11

Note: After setting up the data feeds, you can schedule the feeds to run when you want to. For more information, see the Scheduling Data Feeds section.

Note: A time gap of approximately 5 hours is provided between the Tenable.io Assets Generate and Ingest data feeds. If Assets Generate takes longer than 5 hours to complete because of a high volume of asset data, adjust the time gap between the data feeds accordingly.

Apply the same adjustment to the Tenable.io Vulnerability Generate and Ingest data feeds.

Configure the JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

  1. On the General tab, go to the JavaScript Transporter section.

    1. Open the Archer Control Panel.

    2. Go to Instance Management and select All Instances.

    3. Select the instance.

    4. On the General tab, go to the JavaScript Transporter section.

  2. Set the Max Memory Limit and the Script Timeout variable to align with the resources necessary to retrieve data. Most incremental feeds can probably be achieved with a Max Memory Limit of 3048 MB (3 GB) and a Script Timeout of 300 minutes (5 hours).

  3. Require Signature is enabled by default on install and required for all Hosted clients. In the Signing Certificate Thumbprints section, add a thumbprint for each digitally signed JavaScript file.

    1. Double-click an empty cell in the Signing Certificate Thumbprints section.

    2. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

    For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.

    Important: If you enable Require Signature and do not specify thumbprints, JavaScript files will not be accepted by the system.

  4. On the toolbar, click Save.

Digital Thumbprints

When running JavaScript data feeds, you can set the system to only allow digitally signed JavaScript files from trusted sources for security considerations.

For a certificate to be trusted, all the certificates in the chain including the Root CA Certificate and Intermediate CA certificates must be trusted on both the Web Server and Services Server machines.

Archer Technologies LLC cert in the Trusted Root CA Store 

The Archer Technologies LLC certificate is not present in every machine’s trusted root store by default.

  1. On the JavaScript file, right-click and select Properties.

    1. Click the Digital Signatures tab.

    2. From the Signature List window, select Archer Technologies LLC.

    3. Click the Details button.

    4. Click View Certificate.

    5. Click Install Certificate.

    6. Select Local Machine and click Next.

    7. Select Place all certificates in the following store and click Browse.

      1. Select Trusted Root Certification Authorities and click OK.

      2. Click Next.

      3. Click Finish.

  2. Upon successful import, click OK.

Obtaining a Certificate Thumbprint 

  1. On the Web Server and Services Server machines, open the Manage Computer Certificates program.

    1. Launch “certmgr” from the Start menu.

    2. Navigate to Certificates – Local Computer > Trusted Root Certification Authorities > Certificates.

  2. Verify that the certificate is trusted.

    1. Double-click the Archer Technologies LLC certificate.

    2. In the Certificate window, click the Certification Path tab.

    3. Ensure that the Certificate Status window displays the following message: “This certificate is OK”.

    Note: If the Certificate Status window displays something different, follow the on-screen instructions.

  3. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Scroll to, and select, the Thumbprint field.

    3. The certificate's digital thumbprint appears in the window. Copy the thumbprint.

    Note: For information on where to add digital thumbprints, see Step 4a of the “Configure the JavaScript Transporter Settings” section of this document.
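A pre-check for the thumbprint copied in the procedure above, as an added example (not Archer's code): it computes the thumbprint from the certificate's DER bytes and reports pasted entries that carry spaces or invisible characters picked up from the certificate dialog. The function names and sample values are constructed, and treating an exact 40-character uppercase match as the safe form is an assumption, since the page does not describe how Archer compares thumbprints.

```javascript
const crypto = require('crypto');

// A Windows certificate thumbprint is the SHA-1 digest of the DER-encoded
// certificate, displayed as 40 hexadecimal characters.
function thumbprintOfDer(derBytes) {
  return crypto.createHash('sha1').update(derBytes).digest('hex').toUpperCase();
}

// Invisible formatting marks that can ride along when the Thumbprint field is
// copied (for example U+200E LEFT-TO-RIGHT MARK at the start of the text).
const HIDDEN = /[\u200B-\u200F\u202A-\u202E\uFEFF]/;
// Everything stripped before comparison: whitespace, colons, hidden marks.
const NOISE = /[\s:\u200B-\u200F\u202A-\u202E\uFEFF]/g;

// Describes one entry as typed into the Signing Certificate Thumbprints cell.
function inspectThumbprintEntry(entry) {
  const cleaned = entry.replace(NOISE, '').toUpperCase();
  const hiddenCharacters = [...entry]
    .filter((ch) => HIDDEN.test(ch))
    .map((ch) => 'U+' + ch.codePointAt(0).toString(16).toUpperCase().padStart(4, '0'));
  return {
    cleaned,
    wellFormed: /^[0-9A-F]{40}$/.test(cleaned),
    hiddenCharacters,
    exactAsEntered: cleaned === entry,
  };
}

// Compares the signing certificate's thumbprint with each configured entry.
function checkConfiguredThumbprints(derBytes, configuredEntries) {
  const expected = thumbprintOfDer(derBytes);
  const entries = configuredEntries.map((entry) => {
    const info = inspectThumbprintEntry(entry);
    return { ...info, matchesCertificate: info.cleaned === expected };
  });
  return {
    expected,
    // At least one entry matches character for character.
    exactMatch: entries.some((e) => e.matchesCertificate && e.exactAsEntered),
    // Entries that are the right certificate but need re-entering cleanly.
    matchAfterCleaning: entries.filter((e) => e.matchesCertificate && !e.exactAsEntered),
    entries,
  };
}

// Constructed stand-in bytes, not a real certificate. In practice, read the
// exported DER (.cer) file, for example with fs.readFileSync('signer.cer').
const SAMPLE_DER = Buffer.from('abc');
// Constructed entries: the first was "pasted" with a hidden mark and spaces.
const SAMPLE_ENTRIES = [
  '\u200Ea9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 9c d0 d8 9d',
  'A9993E364706816ABA3E25717850C26C9CD0D89D',
];

console.log(checkConfiguredThumbprints(SAMPLE_DER, SAMPLE_ENTRIES));
```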

Setting Up Tenable.io Data Feeds

There are five data feeds for the Tenable.io integration. The data feeds for Vulnerabilities and Assets are divided into two sets:

Generate: This feed initiates the job execution in Tenable.io. The completion of the Tenable.io job depends on the volume of data.

Ingest: This feed ingests the Tenable.io data that was generated based on parameters passed in the Generate phase.

The data feeds ingest Tenable.io data based on the date setting in the Custom Parameter that is set to <LastRunTime>.

The default setting for the Date parameter is as follows:

  • Tenable.io Plugins 2024.11 Data Feed: last_updated

  • Tenable.io Assets Generate 2024.11 Data Feed: created_at

  • Tenable.io Vulnerability Generate 2024.11 Data Feed: since

In addition to the Date settings, parameters are provided to adjust the volume of data loads.

These parameters are set at the lowest settings; adjust the parameters to higher values for faster execution of the data feed.

When increasing the Custom Parameters settings to a higher value, also increase the 'Max Memory Limit' setting in the Archer Control Panel accordingly.

The minimum value of the 'Max Memory Limit' setting should be set at 2048 MB.

The following parameters can be used to increase/decrease the data volume per API request.

  • Tenable.io Plugins 2024.11 Data Feed: num_assets

  • Tenable.io Assets Generate 2024.11 Data Feed: chunck_size

  • Tenable.io Vulnerability Generate 2024.11 Data Feed: since

The data feeds execute in two phases: Initial Load and Incremental Load.

  1. Initial Load. This is the phase when the data feeds are imported and run for the first time. Because LastRunTime is empty, the data feeds pull Tenable.io API data from 01-01-2000. The data volume is high in this phase, so it is suggested to increase the Archer Service Parameter session timeout to a higher value. Update the LastRunTime token with a custom date if you need data to be pulled from a different date instead of 01-01-2000.

  2. Incremental Phase. After the initial run, the LastRunTime token is updated with the current date and time, and subsequent data feed runs pull only the incremental Tenable.io data.

Set Up the Tenable.io Plugins 2024.11 Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: With the exception of the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.io Plugins 2024.11.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableIO_1.0.0.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code allows clients to pass in different variables through our Custom Parameters section. The following table describes the supported values for specific Custom Parameters.

| Key | Value | Description |
|---|---|---|
| feedType | Requires valid value ‘Plugins’. Default = [empty] | ‘Plugins’ should be provided for ‘Plugins’ data feed. |
| url | Requires valid value. Default = [empty] | Valid Tenable.io URL: https://cloud.tenable.com |
| accessKey | Requires valid value. Default = [empty] | Tenable.io Access Key |
| secretKey | Requires valid value. Default = [empty] | Tenable.io Secret Key |
| last_updated | Requires valid value. Default = <LastRunTime> | The last updated date to filter on in the YYYY-MM-DD format. Tenable Vulnerability Management returns only the plugins that have been updated after the specified date. |
| size | Requires valid value. Default = 1000 | The number of records to include in the result set. Default is 1,000. The maximum size is 10,000. |
| proxy | Optional. Default = [empty] | Proxy server URL |
| verifyCerts | Default = false. [Configurable value of true / false] | Validates the website address matches the address on the certificate, similar to browser level validation. |

Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings. The listed values are in place by default but can be configured to suit your environment.

  10. The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

| Key | Value | Description |
|---|---|---|
| batchSize | Default = 1000 (records at a time). [Configurable] | Used for defining batches of content to be retrieved in a single call. JavaScript makes incremental calls to pull the next batch of data. |
| socketLimit | Default = 10. [Configurable value of 1-25] | Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections. |
| maxRetry | Default = 1. [Configurable value of 0-2] | Indicates the number of times a retry will occur where a "socket hung up" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail. |
| requestsPerMin | Default = 60. [Configurable value] | A parameter to allow clients to govern the number of API requests made by Archer to the external integration. |
| lastRunTimeOffset | Default = -1. [Configurable value] | Ensures no data loss in the scenarios where calculations with Datetime can be a factor. |

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab.

    1. Click the Tokens sub-tab.

    2. Verify token values.

The following table describes token values to verify.

| Token | Value |
|---|---|
| LastRunTime | (Populated by feed) |

Note: For more information about tokens, see "Data Feed Tokens" in the Archer Online Documentation.

  13. Verify that key field values are not missing from the data feed setup window.

  14. Click Save.

  15. The following are the mappings of the source and target fields in the data feed.

| Source Field | Target Field |
|---|---|
| DFMKey | DFMKey |
| Source | Source |
| ID | ID |
| Name | Title |
| Plugin_Type | Tenable.sc Check Type |
| Synopsis | Abstract; Tenable.sc Synopsis |
| Description | Description |
| Solution | Solution |
| See_Also | Tenable.sc see Also |
| Plugin_Publication_Date | Tenable.sc Plug In Published Date |
| Vuln_Publication_Date | Tenable.sc Vulnerability Published Date |
| Patch_Publication_Date | Tenable.sc Patch Publish Date |
| Exploitability_Ease | Tenable.sc Exploit Ease |
| Exploit_Available | Tenable.sc Exploit Available |
| Risk_Factor | Tenable.sc Risk Factor |
| CPE | Tenable.sc CPE Full Configuration Name |
| Plugin_Modification_Date | Tenable.sc Plug In Modified Date |
| Plugin_Version | Version |
| Required_Ports | Tenable.sc Required Ports |
| Required_UDP_Ports | Tenable.sc Required UDP Ports |
| Dependencies | Tenable.sc Dependencies |
| AccessVector | Tenable.sc CVSS v2 Vector |
| Cvss_Temporal_Score | CVSS v2 Temporal Score; Tenable.sc CVSS v2 Temporal Score |
| Cvss_Base_Score | CVSS v2 Base Score; Tenable.sc CVSS v2 Base Score |
| AccessVector | Tenable.sc CVSS v3 Vector |
| Cvss3_Temporal_Score | CVSS v3 Temporal Score; Tenable.sc CVSS v3 Temporal Score |
| Cvss3_Base_Score | CVSS v3 Base Score; Tenable.sc CVSS v3 Base Score |
| Score | Tenable.sc vprScore |
| TYPE | Vulnerability Reference Lists/Type |
| url | Vulnerability Reference Lists/url |
| Attack_Vector | Tenable.sc CVSS v2 Access Vector |
| Attack_Complexitiy | Tenable.sc CVSS v2 Access Complexity |
| Authentication | Tenable.sc CVSS v2 Authentication |
| Confidentiality | Tenable.sc CVSS v2 Impact Confidentiality |
| Integrity | Tenable.sc CVSS v2 Impact Integrity |
| Availability | Tenable.sc CVSS v2 Impact Availability |
| Exploitability | Tenable.sc CVSS v2 Exploitability |
| Remediation_Level | Tenable.sc CVSS v2 Remediation Level |
| Report_Confidence | Tenable.sc CVSS v2 Report Confidence |
| Attack_Vector | Tenable.sc CVSS v3 Attack Vector |
| Attack_Complexitiy | Tenable.sc CVSS v3 Attack Complexity |
| Privileges | Tenable.sc CVSS v3 Privileges Required |
| User_Interaction | Tenable.sc CVSS v3 User Interaction |
| Scope | Tenable.sc CVSS v3 Scope |
| Confidentiality_Impact | Tenable.sc CVSS v3 Confidentiality Impact |
| Integrity_Impact | Tenable.sc CVSS v3 Integrity Impact |
| Availability_Impact | Tenable.sc CVSS v3 Availability Impact |
| Exploitability | Tenable.sc CVSS v3 Exploit Code Maturity |
| Remediation_Level | Tenable.sc CVSS v3 Remediation Level |
| Report_Confidence | Tenable.sc CVSS v3 Report Confidence |
| Operating_System_Technology | CPE Operating System Technologies |
| Application_Technology | CPE Application Technologies |
| Hardware_Technology | CPE Hardware Technologies |
| Family_Id | Tenable.sc Family ID |
| Family_Name | Tenable.sc Family Name |

Set Up the Tenable.io Assets Generate 2024.11 Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: With the exception of the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Note: The objective of this data feed is to initiate the Export Assets job in Tenable.io using the ‘https://cloud.tenable.com/assets/export’ endpoint. This data feed does not create/update any Archer records. The execution time of the Data Feed depends on the volume of Tenable data. The ingestion of the assets will be done by the Tenable.io Assets Ingest 2024.11 data feed.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.io Assets Generate 2024.11.dfx5 file for the data feed.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableIO_1.0.0.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code allows clients to pass in different variables through our Custom Parameters section. The following table describes the supported values for specific Custom Parameters.

| Key | Value | Description |
| --- | --- | --- |
| feedType | Requires valid value ‘Assets’; Default = [empty] | ‘Assets’ should be provided for ‘Assets Generate’ data feed. |
| Objective | Requires valid value ‘Generate’; Default = [empty] | ‘Generate’ should be provided for initiating the Assets generation job in Tenable.io |
| url | Requires valid value; Default = [empty] | Please use the Tenable.io URL: https://cloud.tenable.com |
| accessKey | Requires valid value; Default = [empty] | Tenable.io Access Key |
| secretKey | Requires valid value; Default = [empty] | Tenable.io Secret Key |
| proxy | Optional; Default = [empty] | Proxy Server URL |
| verifyCerts | Default = false; [Configurable value of true or false] | Validates that the website address matches the address on the certificate, similar to browser level validation. |
| chunk_size | Optional; Default = ‘1000’ | Requires an Integer value; Valid Values: 100 to 10000 |
| include_open_ports | Optional; Values: True/False | Requires a Boolean value |
| created_at | Requires valid value; Type: Date; Default = [empty]; Values: <LastRunTime> | Format: YYYY-MM-DD; Please use <LastRunTime> token for incremental loads. |
| first_scan_time | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| last_authenticated_scan_time | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| last_assessed | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| sources | Optional; Values: Array of Plugins | Values should be in Array, e.g. [102897, 102898] |
| updated_at | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |

Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings. The listed values are in place by default but can be configured to suit your environment.

  10. (Optional) The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

| Key | Value | Description |
| --- | --- | --- |
| batchSize | Default = 1000 (records at a time); [Configurable] | Used for defining batches of content to be retrieved in a single call. JavaScript makes incremental calls to pull the next batch of data. |
| socketLimit | Default = 10; [Configurable value of 1-25] | Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections. |
| maxRetry | Default = 1; [Configurable value of 0-2] | Indicates the number of times a retry occurs when a "socket hung up" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail. |
| requestsPerMin | Default = 60; [Configurable value] | A parameter to allow clients to govern the number of API requests made by Archer to the external integration. |
| lastRunTimeOffset | Default = -1; [Configurable value] | Ensures no data loss in the scenarios where calculations with Datetime can be a factor. Example: if startDate = 2020-06-03, the code will calculate the number of days ago by using 2020-06-02. |

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab.

    1. Click the Tokens sub-tab.

    2. Verify token values.

The following table describes token values to verify.

| Token | Value |
| --- | --- |
| LastRunTime | (Populated by feed) |

Note: For more information about tokens, see "Data Feed Tokens" in the Archer Platform Help.

  13. Verify that key field values are not missing from the data feed setup window.

  14. Click Save.
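
The Custom Parameters rules for the Assets Generate feed (required keys, case-sensitive names, no trailing spaces, numeric ranges, Protected versus Plain Text, and the verifyCerts default of false) can be checked before the feed is saved. The following is an added example, not Archer or Tenable.io code; the { key, value, type } input shape and the name lintParams are assumptions, and only keys with unambiguous constraints on this page are modelled.

```javascript
// Added example (not Archer's or Tenable's code). Rules are transcribed from the
// Custom Parameters tables for the Assets Generate feed; the input shape
// { key, value, type } is an assumption of this example.
const intBetween = (lo, hi) => v => /^\d+$/.test(v) && Number(v) >= lo && Number(v) <= hi;
const oneOf = (...allowed) => v => allowed.includes(v);
const nonEmpty = v => v.length > 0;
const dateOrToken = v => v === '<LastRunTime>' || /^\d{4}-\d{2}-\d{2}$/.test(v);

const RULES = {
  feedType:    { required: true,  check: oneOf('Assets') },
  Objective:   { required: true,  check: oneOf('Generate') },
  url:         { required: true,  check: oneOf('https://cloud.tenable.com') },
  accessKey:   { required: true,  check: nonEmpty, secret: true },
  secretKey:   { required: true,  check: nonEmpty, secret: true },
  created_at:  { required: true,  check: dateOrToken },
  verifyCerts: { required: false, check: oneOf('true', 'false') },
  chunk_size:  { required: false, check: intBetween(100, 10000) },
  socketLimit: { required: false, check: intBetween(1, 25) },
  maxRetry:    { required: false, check: intBetween(0, 2) },
};
const CANONICAL = new Map(Object.keys(RULES).map(k => [k.toLowerCase(), k]));

function lintParams(params) {
  const findings = [];
  const add = (level, key, msg) => findings.push({ level, key, msg });
  const seen = new Map();

  for (const { key, value, type } of params) {
    if (/\s$/.test(key)) { add('error', key, 'key ends with whitespace'); continue; }
    const rule = Object.prototype.hasOwnProperty.call(RULES, key) ? RULES[key] : null;
    if (!rule) {
      // Keys this example does not model (proxy, batchSize, ...) pass through.
      const expected = CANONICAL.get(key.toLowerCase());
      if (expected) add('error', key, `keys are case-sensitive, expected "${expected}"`);
      continue;
    }
    seen.set(key, value);
    if (/\s$/.test(value)) add('error', key, 'value ends with whitespace');
    else if (!rule.check(value)) add('error', key, 'value is not one the tables allow');
    if (rule.secret && type !== 'Protected') {
      add('warn', key, 'Plain Text: the key value is not encrypted in the log');
    }
  }
  for (const [key, rule] of Object.entries(RULES)) {
    if (rule.required && !seen.has(key)) add('error', key, 'required parameter missing');
  }
  // verifyCerts defaults to false, so an absent key behaves like "false".
  if ((seen.get('verifyCerts') ?? 'false') === 'false') {
    add('warn', 'verifyCerts', 'the website address is not validated against the certificate');
  }
  return findings;
}

// Constructed sample input; the key values are placeholders, not real credentials.
const SAMPLE = [
  { key: 'feedType',    value: 'Assets',                     type: 'Plain Text' },
  { key: 'objective',   value: 'Generate',                   type: 'Plain Text' }, // wrong case
  { key: 'url',         value: 'https://cloud.tenable.com ', type: 'Plain Text' }, // trailing space
  { key: 'accessKey',   value: 'EXAMPLE_ACCESS_KEY',         type: 'Protected' },
  { key: 'secretKey',   value: 'EXAMPLE_SECRET_KEY',         type: 'Plain Text' }, // readable in log
  { key: 'created_at',  value: '<LastRunTime>',              type: 'Plain Text' },
  { key: 'verifyCerts', value: 'false',                      type: 'Plain Text' },
  { key: 'chunk_size',  value: '50',                         type: 'Plain Text' }, // below 100
];

for (const f of lintParams(SAMPLE)) console.log(`${f.level.padEnd(5)} ${f.key}: ${f.msg}`);
```

A wrongly cased key such as objective is reported twice on purpose: once as a case error and once as the missing required key Objective, because the feed would treat it as absent.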

Set Up the Tenable.io Assets Ingest 2024.11 Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: With the exception of the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Note: The objective of the data feed is to ingest the Tenable assets into Devices application. The Assets extraction job is initiated by the Tenable.io Assets Generate 2024.11 data feed. This data feed must execute after Tenable.io Assets Generate 2024.11 data feed for latest updates.

 

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.io Assets Generate 2024.11.dfx5 file for the data feed.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableIO_1.0.0.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code allows clients to pass in different variables through our Custom Parameters section. The following table describes the supported values for specific Custom Parameters.

| Key | Value | Description |
| --- | --- | --- |
| feedType | Requires valid value ‘Assets’; Default = [empty] | ‘Assets’ should be provided for Assets Ingest data feed. |
| Objective | Requires valid value ‘Ingest’; Default = [empty] | ‘Ingest’ should be provided for ingesting Assets into Device application |
| url | Requires valid value; Default = [empty] | Please use the Tenable.io URL: https://cloud.tenable.com |
| accessKey | Requires valid value; Default = [empty] | Tenable.io Access Key |
| secretKey | Requires valid value; Default = [empty] | Tenable.io Secret Key |
| proxy | Optional; Default = [empty] | Proxy Server URL |
| verifyCerts | Default = false; [Configurable value of true or false] | Validates that the website address matches the address on the certificate, similar to browser level validation. |

Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings. The listed values are in place by default but can be configured to suit your environment.

  10. (Optional) The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

| Key | Value | Description |
| --- | --- | --- |
| batchSize | Default = 1000 (records at a time); [Configurable] | Used for defining batches of content to be retrieved in a single call. JavaScript makes incremental calls to pull the next batch of data. |
| socketLimit | Default = 10; [Configurable value of 1-25] | Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections. |
| maxRetry | Default = 1; [Configurable value of 0-2] | Indicates the number of times a retry occurs when a "socket hung up" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail. |
| requestsPerMin | Default = 60; [Configurable value] | A parameter to allow clients to govern the number of API requests made by Archer to the external integration. |
| lastRunTimeOffset | Default = -1; [Configurable value] | Ensures no data loss in the scenarios where calculations with Datetime can be a factor. Example: if startDate = 2020-06-03, the code will calculate the number of days ago by using 2020-06-02. |

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab. Click the Tokens sub-tab. Verify token values.

The following table describes token values to verify.

| Token | Value |
| --- | --- |
| LastRunTime | (Populated by feed) |

Note: For more information about tokens, see "Data Feed Tokens" in the Archer Platform Help.

  13. Verify that key field values are not missing from the data feed setup window.

  14. Click Save.

The following are the mappings of the source and target fields in the data feed.

| Source Field | Target Field |
| --- | --- |
| ID | Device Name |
| Source | Last Updated By |
| Last_Scan_Time | Last Scan Date Time |
| Last_Authenticated_Scan_Date | Last Vulnerability Authenticated Scanned Date Time |
| Serial_Number | Serial Number |
| Ipv4s | External IPv4 Address |
| Ipv6s | External IPv6 Address |
| FQDNS | Domain Name |
| Mac_Addresses | MAC Address |
| Netbios_Names | NetBIOS Name |
| Operating_Systems | Operating System |
| System_Types | Description |
| Host_Names | Host Name |
| Name | Network Name |
| Operating_System_Technology | Operating System Technologies |
| Application_Technology | Application Technologies |
| Hardware_Technology | Hardware Technologies |

Set Up the Tenable.io Vulnerability Generate 2024.11 Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: With the exception of the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Note: The objective of this data feed is to initiate the Export Vulnerabilities job in Tenable.io using the ‘https://cloud.tenable.com/vulns/export’ endpoint. This data feed does not create/update any Archer records. The execution time of the Data Feed depends on the volume of Tenable data. The ingestion of the assets will be done by the Tenable.io Assets Vulnerability 2024.11 data feed.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.io Assets Generate 2024.11.dfx5 file for the data feed.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableIO_1.0.0.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code allows clients to pass in different variables through our Custom Parameters section. The following table describes the supported values for specific Custom Parameters.

| Key | Value | Description |
| --- | --- | --- |
| feedType | Requires valid value ‘Vulnerability’; Default = [empty] | ‘Vulnerability’ should be provided for ‘Vulnerability Generate’ data feed. |
| Objective | Requires valid value ‘Generate’; Default = [empty] | ‘Generate’ should be provided for initiating the Vulnerability generation job in Tenable.io |
| url | Requires valid value; Default = [empty] | Please use the Tenable.io URL: https://cloud.tenable.com |
| accessKey | Requires valid value; Default = [empty] | Tenable.io Access Key |
| secretKey | Requires valid value; Default = [empty] | Tenable.io Secret Key |
| proxy | Optional; Default = [empty] | Proxy Server URL |
| verifyCerts | Default = false; [Configurable value of true or false] | Validates that the website address matches the address on the certificate, similar to browser level validation. |
| num_assets | Optional; Default = 500 | Requires an Integer value; 50 to 5000 |
| include_unlicensed | Optional; Values: True/False | Requires a Boolean value |
| first_found | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| last_found | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| since | Requires valid value; Type: Date; Default = [empty]; Values: <LastRunTime> | Format: YYYY-MM-DD; Please use <LastRunTime> token for incremental loads. |
| last_fixed | Optional; Type: Date; Default = [empty] | Format: YYYY-MM-DD |
| cve_category | Optional; Type: Array; Default = [empty] | Requires String values |
| exploit_maturity | Optional; Type: Array; Default = [empty] | Requires String values |
| plugin_family | Optional; Type: Array; Default = [empty] | Requires String values |
| plugin_type | Optional; Type: Array; Default = [empty] | Requires Integer values |
| severity | Optional; Type: Array; Default = [empty] | Requires String values |
| state | Optional; Type: Array; Default = [empty] | Requires String values |
| source | Optional; Type: Array; Default = [empty] | Requires String values |

Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings. The listed values are in place by default but can be configured to suit your environment.

  10. (Optional) The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

| Key | Value | Description |
| --- | --- | --- |
| batchSize | Default = 1000 (records at a time); [Configurable] | Used for defining batches of content to be retrieved in a single call. JavaScript makes incremental calls to pull the next batch of data. |
| socketLimit | Default = 10; [Configurable value of 1-25] | Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections. |
| maxRetry | Default = 1; [Configurable value of 0-2] | Indicates the number of times a retry occurs when a "socket hung up" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail. |
| requestsPerMin | Default = 60; [Configurable value] | A parameter to allow clients to govern the number of API requests made by Archer to the external integration. |
| lastRunTimeOffset | Default = -1; [Configurable value] | Ensures no data loss in the scenarios where calculations with Datetime can be a factor. Example: if startDate = 2020-06-03, the code will calculate the number of days ago by using 2020-06-02. |

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab. Click the Tokens sub-tab. Verify token values.

The following table describes token values to verify.

| Token | Value |
| --- | --- |
| LastRunTime | (Populated by feed) |

For more information about tokens, see "Data Feed Tokens" in the Archer Platform Help.

  13. Verify that key field values are not missing from the data feed setup window.

  14. Click Save.

Set Up the Tenable.io Vulnerability Ingest 2024.11 Data Feed

Important: Before you upload a JavaScript file, configure JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings.

Important: With the exception of the optional parameters specified in this procedure, changes to the JavaScript Transporter configuration file can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Note: The objective of the data feed is to ingest the Tenable vulnerabilities into Vulnerability Scan Results application. The Vulnerability extraction job is initiated by the Tenable.io Vulnerability Generate 2024.11 data feed. This data feed must execute after Tenable.io Vulnerability Generate 2024.11 data feed for latest updates.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.io Assets Generate 2024.11.dfx5 file for the data feed.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. In the Additional Properties section, enable Optimize Calculations.

  7. Click the Transport tab.

  8. In the Transport Configuration section, complete the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableIO_1.0.0.js file and click Open.

    4. From the Upload JavaScript File dialog, click OK.

  9. The JavaScript code allows clients to pass in different variables through our Custom Parameters section. The following table describes the supported values for specific Custom Parameters.

| Key | Value | Description |
| --- | --- | --- |
| feedType | Requires valid value ‘Vulnerability’; Default = [empty] | ‘Vulnerability’ should be provided for ‘Vulnerability Ingest’ data feed. |
| Objective | Requires valid value ‘Ingest’; Default = [empty] | ‘Ingest’ should be provided for ingesting Vulnerabilities into Vulnerability Scan Results application. |
| url | Requires valid value; Default = [empty] | Please use the Tenable.io URL: https://cloud.tenable.com |
| accessKey | Requires valid value; Default = [empty] | Tenable.io Access Key |
| secretKey | Requires valid value; Default = [empty] | Tenable.io Secret Key |
| proxy | Optional; Default = [empty] | Proxy Server URL |
| verifyCerts | Default = false; [Configurable value of true or false] | Validates that the website address matches the address on the certificate, similar to browser level validation. |

Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings. The listed values are in place by default but can be configured to suit your environment.

  10. (Optional) The following additional parameters are valid options for the Custom Parameters section for the current JavaScript file.

| Key | Value | Description |
| --- | --- | --- |
| batchSize | Default = 1000 (records at a time); [Configurable] | Used for defining batches of content to be retrieved in a single call. JavaScript makes incremental calls to pull the next batch of data. |
| socketLimit | Default = 10; [Configurable value of 1-25] | Indicates the maximum number of open socket channels to an endpoint to be used for TCP connections. |
| maxRetry | Default = 1; [Configurable value of 0-2] | Indicates the number of times a retry occurs when a "socket hung up" error is encountered. If a retry is unsuccessful and the maxRetry is exceeded, the data feed will fail. |
| requestsPerMin | Default = 60; [Configurable value] | A parameter to allow clients to govern the number of API requests made by Archer to the external integration. |
| lastRunTimeOffset | Default = -1; [Configurable value] | Ensures no data loss in the scenarios where calculations with Datetime can be a factor. Example: if startDate = 2020-06-03, the code will calculate the number of days ago by using 2020-06-02. |

  11. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  12. Click the Source Definition tab. Click the Tokens sub-tab.

    1. Verify token values. The following table describes token values to verify.

| Token | Value |
| --- | --- |
| LastRunTime | (Populated by feed) |

For more information about tokens, see "Data Feed Tokens" in the Archer Platform Help.

  13. Verify that key field values are not missing from the data feed setup window.

  14. Click Save.

  15. The following are the mappings of the source and target fields in the data feed.

| Source Field | Target Field |
| --- | --- |
| Archer_Source | Source |
| Title | Title |
| DFMKey | DFMKey |
| Fqdn | FQDN |
| Hostname | Hostname |
| Uuid | Host ID; Impacted Device/Device Name |
| Ipv4 | IPv4 |
| Ipv6 | Ipv6 |
| Mac_Address | MAC Address |
| Netbios_name | NetBIOS Name |
| Operating_System | Operating System |
| Network_Id | Network ID |
| Output | Results |
| Bid | Tenable.sc Plugin ID |
| Description | Tenable.sc Plugin Information |
| Id | Vulnerability Library Details/ID; Vulnerability ID |
| Modification_Date | Last Date Updated |
| Score | Priority |
| CVE | CVE ID |
| Operating_System_Technology | CPE Operating System Technology |
| PortNumber | Port Number |
| Protocal | Protocol |
| Service | Service |
| Started_At | Last Device Scan Date |
| Severity | Severity; Tenable.sc Severity Name |
| Severity_Id | Tenable.sc Severity ID |
| First_Found | First Found Date |
| Last_Found | Last Found Date |

Using the Tenable.io Data Feeds

Scheduling Data Feeds

Important: A data feed must be active and valid to successfully run.

As you schedule your data feed, the Data Feed Manager validates the information. If any information is invalid, an error message displays. You can save the data feed and correct the errors later, but the data feed does not process until you make corrections.

All IT Security Vulnerabilities Program data feeds are set to run daily by default.

  1. From the menu bar, click  .

  2. Go to the Schedule tab of the data feed that you want to modify.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

    3. Select the data feed.

    4. Click the Schedule tab.

  3. Go to the Recurrences section and complete frequency, start and stop times, and time zone.

The following table describes the fields in the Recurrences section.

| Field | Description |
| --- | --- |
| Frequency | Specifies the interval in which the data feed runs, for example, Minutely, Hourly, Daily, Weekly, Monthly, or Reference. |
| Every | Specifies the interval of the frequency in which the data feed runs. |
| Start Time | Specifies the time the data feed starts running. |
| Start Date | Specifies the date on which the data feed schedule begins. |
| Time Zone | Specifies the time zone of the server that runs the data feed. |

The Frequency options are as follows:

  • Minutely. Runs the data feed by the interval set. For example, if you specify 45 in Every list, the data feed executes every 45 minutes.

  • Hourly. Runs the data feed by the interval set, for example, every hour (1), every other hour (2), and so forth.

  • Daily. Runs the data feed by the interval set, for example, every day (1), every other day (2), and so forth.

  • Weekly. Runs the data feed based on a specified day of the week, for example, every Monday of the first week (1), every other Monday (2), and so forth.

  • Monthly. Runs the data feed based on a specified week of the month, for example, 1st, 2nd, 3rd, 4th, or Last.

  • Reference. Runs the data feed after a specified data feed that runs before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. For example, you can select to have a Threats data feed run immediately after your Assets data feed finishes. From the Reference Feed list, select the existing data feed after which the current data feed starts.

A reference data feed does not run when you run a data feed immediately. The Run Data Feed Now option runs only the current data feed.

  4. (Optional) To override the data feed schedule and immediately run your data feed, in the Run Data Feed Now section, click Start.

  5. Click Save.

Certification Environment

Date Tested: March 2025

| Product Name | Version Information | Operating System |
| --- | --- | --- |
| Archer | 2024.11 | Virtual Appliance |
| Tenable.io | NA | NA |