Tenable.sc Asset Discovery

Tenable.sc provides your organization the ability to accurately identify, investigate, and prioritize vulnerabilities. With Tenable.sc you get a real-time, continuous assessment of your security posture so you can find, prioritize, and fix vulnerabilities faster.

The integration of Tenable.sc Asset Discovery with the Devices application in any of the below use cases enables customers to leverage the discovered devices and catalog those network devices within Archer.

Release notes

| Release Version | Published Date | Notes |
| --- | --- | --- |
| Archer 6.4 SP1 | November 2019 | Initial Release |
| Archer 6.7 | December 2021 | Re-Signed JavaScript file. |
| Archer 6.12 | January 2023 | Authentication and User Agent header update |
| Archer 6.12 | July 2024 | Re-Signed JavaScript file with latest certificate |

Overview of Tenable.sc

Benefits

The Tenable.sc integration with Archer enables organizations to:

  • Catalog network devices on a corporate network.

Requirements

Components and their requirements:

Archer Solution:

  • Audit Management

  • IT & Security Risk Management

  • Regulatory & Corporate Compliance Management

  • Third Party Management

Archer Use Case(s): The following use cases can take advantage of the information provided by the Tenable.sc integration:

  • Archer Audit Engagements & Workpapers

  • Archer Third Party Governance

  • Archer Business Continuity & Disaster Recovery Planning

  • Archer IT Controls Assurance

  • Archer IT Security Vulnerability Program

  • Archer IT Risk Management

  • Archer Cyber Incident & Breach Response

  • Archer PCI Management

  • Archer Information Security Management System (ISMS)

  • Archer Data Governance

Archer Applications: Leverages the Devices application

Uses Custom Application: No

Requires On-Demand License: No

Archer Requirements: Please refer to the “Tenable.sc Integration” page for version details

Tenable.sc Requirements: Valid Tenable.sc license is required

Integration diagram

The following diagram provides an overview of the interaction between Tenable.sc and the Archer Tenable.sc Integration offering.

Configure Tenable.sc Host

Configure the data feed

The following data feed is used as part of the Tenable.sc Integration process:

The Tenable.sc Host data feed is a JavaScript transporter data feed that retrieves data (Devices related data) from the Tenable.sc URL and creates and updates the records in the Archer Devices application.

The data feeds must be configured. After setting up the data feed, you can schedule it to run as needed per your organization’s requirements. For more information on scheduling the data feed, see the Scheduling data feeds section.

Configure the JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

  1. On the General tab, go to the JavaScript Transporter section.

    1. Open the Archer Control Panel.

    2. Go to Instance Management and select All Instances.

    3. Select the instance you want to use.

    4. On the General tab, go to the JavaScript Transporter section.

  2. In the Max Memory Limit field, set the value to 2048 MB (2 GB).

  3. In the Script Timeout field, set the value to 120 minutes (2 hours).

  4. (Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.

    1. In the JavaScript Transporter Settings section, select the checkbox Require Signature. A new empty cell appears in the Signing Certificate Thumbprints section.

    2. In the Signing Certificate Thumbprints section, double-click an empty cell.

    3. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.

      Note: For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.

      Important: If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.

    4. (Optional) If you want to add additional thumbprint sources, repeat substeps 2 and 3 of step 4 for each thumbprint.

  5. On the toolbar, click Save.

Obtaining Digital Thumbprints

When running a JavaScript data feed, you can, as a security measure, set the Archer instance to allow only digitally signed JavaScript files from trusted sources.

For a certificate to be trusted, all the certificates in the chain, including the Root CA certificate and Intermediate CA certificates, must be trusted on both the Web Server and Services Server machines.

Archer Technologies LLC Certificate in the Trusted Root CA Store

The Archer Technologies LLC certificate is not present in every machine’s Trusted Root CA store by default.

  1. On the JavaScript file, right-click and select Properties.

    1. Click the Digital Signatures tab.

    2. From the Signature List window, select Archer Technologies LLC.

    3. Click the Details button.

    4. Click View Certificate.

    5. Click Install Certificate.

    6. Select Local Machine.

    7. Click Next.

    8. Select Place all certificates in the following store and click Browse.

      1. Select Trusted Root Certification Authorities and click OK.

      2. Click Next.

      3. Click Finish.

  2. Upon successful import, click OK.

Archer Technologies LLC Certificate in the Trusted Root CA Store

  1. In the Archer Control Panel environment, open the Manage Computer Certificates program.

    1. Click Start.

    2. Type: certificate

    3. From the search results, click Manage Computer Certificates.

  2. Ensure that your trusted source certificates are in the Certificates subfolder of the Trusted Root Certification Authorities folder.

  3. In the Certificates subfolder, double-click the Archer Technologies LLC certificate that contains the thumbprint you want to obtain.

  4. Verify that the certificate is trusted.

    1. In the Certificate window, click the Certification Path tab.

    2. Ensure that the Certificate Status window displays the following message: This certificate is OK.

    Note: If the Certificate Status window displays something different, follow the on-screen instructions.

  5. Obtain the trusted certificate thumbprint.

    1. In the Certificate window, click the Details tab.

    2. Select the Thumbprint field. The certificate's digital thumbprint appears in the window.
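The same checks can be run from PowerShell on each server. This is an added example, not part of the Archer package; it assumes the file carries an embedded Authenticode signature (as the Digital Signatures tab in the steps above implies), and the file location and the configured thumbprint are placeholders.

```powershell
# Added example. $ScriptPath and $Configured are placeholders: point the first at
# your copy of the feed script and paste the second from the Archer Control Panel.
$ScriptPath = 'C:\ArcherFeeds\signed-TenableSC_1.0.17.js'   # hypothetical location
$Configured = '<thumbprint entered in Signing Certificate Thumbprints>'

function Get-FeedSignerReport {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ConfiguredThumbprint
    )
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if (-not $sig.SignerCertificate) {
        throw "No Authenticode signature found on $Path (status: $($sig.Status))"
    }
    $cert = $sig.SignerCertificate

    # Build the chain in machine context, which is what the Certification Path
    # tab in Manage Computer Certificates reflects.
    $chain   = [System.Security.Cryptography.X509Certificates.X509Chain]::new($true)
    $chainOk = $chain.Build($cert)

    # Text copied from the Thumbprint field can carry spaces or invisible
    # characters; keep hex digits only before comparing.
    $wanted = ($ConfiguredThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    [pscustomobject]@{
        File               = $Path
        SignatureStatus    = $sig.Status     # Valid = file hash matches and signer is trusted
        Signer             = $cert.Subject
        Thumbprint         = $cert.Thumbprint
        SignerExpires      = $cert.NotAfter
        ChainTrusted       = $chainOk
        ChainProblems      = ($chain.ChainStatus.Status -join ', ')
        InLocalMachineRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
                                 Where-Object Thumbprint -eq $cert.Thumbprint)
        MatchesConfigured  = ($wanted -ne '' -and $wanted -eq $cert.Thumbprint)
    }
}

# Run on the Web Server and on the Services Server; both should report the same result.
Get-FeedSignerReport -Path $ScriptPath -ConfiguredThumbprint $Configured | Format-List
```

A SignatureStatus other than Valid, or MatchesConfigured of False, means the file would not pass the Require Signature setting as configured.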

Download the Tenable.sc vulnerabilities (hosts) data feed

The Tenable.sc Hosts data feed can be downloaded from the Tenable.sc Integration exchange page:

https://community.rsa.com/docs/DOC-95804

  1. Open the above exchange page and click on the Integration Package.

  2. Download the zip file.

  3. Extract the zip file and copy the Tenable.sc Hosts RSA Archer 6.12.dfx5 file.

  4. Copy the “signed-TenableSC_1.0.17.js” JavaScript file.

  5. Paste both the files into your desired location, which will be used in this integration.

Note: Please refer to the Integration Package page for any package updates related to the Devices application. If you find that a new package is available, you must install it before configuring this data feed.

Set up the Tenable.sc vulnerabilities (hosts) data feed

Important: Before you upload a JavaScript file, configure the JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings. Updates to the API files used in the JavaScript Transporter (signed-TenableSC_1.0.17.js) can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

  1. Go to the Manage Data Feeds page.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

  2. In the Manage Data Feeds section, click Import.

  3. Locate and select the Tenable.sc Hosts RSA Archer 6.12.dfx5 file.

  4. Click Open.

  5. In the General Information section, in the Status field, select Active.

  6. Click the Transport tab.

  7. In the Transport Configuration section, do the following:

    1. Click Upload.

    2. From the Upload JavaScript File dialog, click Add New.

    3. Locate and select the signed-TenableSC_1.0.17.js file.

    4. Click Open.

    5. From the Upload JavaScript File dialog, click OK.

  8. In the Custom Parameters section, enter key values. The following table describes the value for each key in Custom Parameters.

    | Key | Value |
    | --- | --- |
    | accessKey | [Valid value] |
    | secretKey | [Valid value] |
    | dataSource | hosts |
    | URL | [Valid value] For example, https://tenablesc.eastus.cloudapp.azure.com |
    | ignoreLastRunTime | false |
    | vulnSeverities | 4,3,2,1 |
    | vulnDateFilterType | firstSeen |
    | vulnLoadActive | true |
    | vulnLoadPatched | true |
    | verifyCerts | false |
    | userAgent | Optional, Default Value=’ ARCHER DATAFEED CLIENT’ |

    Note: The listed values are in place by default. They can be configured to suit your environment.

    Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.

  9. (Optional) Add startOffset and endOffset as new keys.

    Note: The startOffset parameter specifies the first record in the range you want to retrieve, and the endOffset parameter specifies the last record in the range you want to retrieve. Use these parameters to parse data into consumable sizes. For more information, see the Tenable.sc API Best Practices Guide.

    1. Click Add New.

    2. Enter startOffset as the key.

    3. Define a valid value for the startOffset key.

    4. Click Add New.

    5. Enter endOffset as the key.

    6. Define a valid value for the endOffset key.

  10. For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

  11. Click the Source Definition tab.

    1. Click the Tokens subtab.

    2. Verify token values. The following table describes token values to verify.

      | Token | Value |
      | --- | --- |
      | BatchContentSave | 1000 |
      | LastRunTime | (Populated by feed) |
      | LastFileProcessed | (Populated by feed) |
      | PreviousRunContext | (Populated by feed) |

      Note: For more information about tokens, see Data Feed Tokens in Archer Help.

  12. Verify that key field values are not missing from the data feed setup window.

  13. Click Save.
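Because keys and values are case-sensitive and must not carry stray spaces, it helps to lint the Custom Parameters before saving. The script below is an added example, not part of the Archer package: the sample rows are constructed, the host name is a placeholder, and the meaning given to verifyCerts is an assumption based on its name.

```powershell
# Added example. The rows below are constructed sample input with placeholder
# secrets; replace them with what you typed into Custom Parameters.
$Entered = @(
    @{ Key = 'accessKey';   Value = '<access-key>';  Type = 'Protected'  }
    @{ Key = 'secretKey';   Value = '<secret-key> '; Type = 'Plain Text' }  # trailing space, unprotected
    @{ Key = 'Datasource';  Value = 'hosts';         Type = 'Plain Text' }  # wrong case
    @{ Key = 'URL';         Value = 'http://tenablesc.example.internal'; Type = 'Plain Text' }
    @{ Key = 'verifyCerts'; Value = 'false';         Type = 'Plain Text' }
)

# Key names exactly as listed in the Custom Parameters table, plus the optional offsets.
$KnownKeys = 'accessKey','secretKey','dataSource','URL','ignoreLastRunTime',
    'vulnSeverities','vulnDateFilterType','vulnLoadActive','vulnLoadPatched',
    'verifyCerts','userAgent','startOffset','endOffset'

function Test-FeedParameter {
    param([Parameter(Mandatory)][object[]]$Parameters)
    foreach ($p in $Parameters) {
        $key = [string]$p.Key
        $value = [string]$p.Value
        $issues = @()
        if ($key -cne $key.Trim() -or $value -cne $value.Trim()) {
            $issues += 'leading or trailing whitespace'
        }
        $k = $key.Trim()
        $v = $value.Trim()
        if ($k -cnotin $KnownKeys) {
            $match = $KnownKeys | Where-Object { $_ -ieq $k }
            if ($match) { $issues += "wrong case, expected '$match'" }
            else        { $issues += 'unknown key' }
        }
        if (($k -cin @('accessKey', 'secretKey')) -and $p.Type -ne 'Protected') {
            $issues += 'credential is Plain Text, so its value is not encrypted in the log'
        }
        if ($k -ceq 'URL' -and $v -notmatch '^https://') {
            $issues += 'URL is not https'
        }
        # Assumption: verifyCerts=false turns off TLS certificate validation of the Tenable.sc server.
        if ($k -ceq 'verifyCerts' -and $v -ceq 'false') {
            $issues += 'certificate verification is off (the shipped default)'
        }
        foreach ($i in $issues) { [pscustomobject]@{ Key = $key; Issue = $i } }
    }
}

Test-FeedParameter -Parameters $Entered | Format-Table -AutoSize
```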

Scheduling data feeds

When you schedule a data feed, the Data Feed Manager validates the information. If any information is invalid, an error message will display. You can save the data feed and correct the errors later, but that data feed is not processed until the errors are rectified.

Important: A data feed must be active and valid to successfully run.

  1. Go to the Schedule tab of the data feed that you want to modify.

    1. From the menu bar, click Admin menu.

    2. Under Integration, click Data Feeds.

    3. Select the data feed that you want to modify.

    4. Click the Schedule tab.

  2. In the Recurrences section, enter the frequency, start and stop times, and time zone for the data feed.

  3. (Optional) In the Run Data Feed Now section, click Start to override the data feed schedule and run the data feed immediately.

  4. Click Save.

The following list describes the fields in the Recurrences section.

Frequency: Specifies the interval in which the data feed runs.

  • By minute: Runs the data feed by the minute interval set. For example, if you specify 45 in the Every list, the data feed executes every 45 minutes.

  • Hourly: Runs the data feed by the hourly interval set. For example, every hour (1), every other hour (2), and so forth.

  • Daily: Runs the data feed by the daily interval set. For example, every day (1), every other day (2), and so forth.

  • Weekly: Runs the data feed based on a specified day of the week. For example, every Monday of the first week (1), every other Monday (2), and so forth.

  • Monthly: Runs the data feed based on a specified week of the month. For example, 1st, 2nd, 3rd, 4th, or last.

  • Reference: Runs the data feed after a specified (referenced) data feed. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. From the Reference Feed list, select the existing data feed after which the current data feed starts. A reference data feed will not run when immediately running a data feed. The Run Data Feed Now option only runs the current data feed.

Every: Specifies the interval of the frequency in which the data feed runs.

Start Time: Specifies the time the data feed begins running.

Start Date: Specifies the date on which the data feed schedule begins.

Time Zone: Specifies the time zone of the server that runs the data feed.

  5. Test the data feed to ensure that all device details from Tenable.sc were imported into the Devices application. If testing fails, verify the data feed and re-run it. If you experience multiple failures, please contact your Archer Partner.

Certification environment

Date tested: July 2024

| Product Name | Version Information | Operating System |
| --- | --- | --- |
| Archer Suite | Archer 6.12 | Virtual Appliance |
| Tenable.sc | NA | NA |