Tenable.sc Asset Discovery

Tenable.sc provides your organization the ability to accurately identify, investigate, and prioritize vulnerabilities. With Tenable.sc you get a real-time, continuous assessment of your security posture so you can find, prioritize, and fix vulnerabilities faster.

Archer Exchange: With the Archer Exchange, the Archer team has created a broad selection of supplemental, value-added offerings to help you get your unique risk management program on the right path, right from the start. You can leverage the Archer Exchange offerings to expand the use of Archer solutions into new business processes and address specific industry, geographic, regulatory, or technical requirements.

For more information see the Archer Exchange on the Archer Community:https://archerirm.exchange/en-US/apps/694903/tenable-security-center-asset-discovery

On this page

Release notes

Release Version	Published Date	Notes
Archer 6.12	July 2024	Re-Signed JavaScript file with latest certificate

Previous releases

Release Version	Published Date	Notes
Archer 6.4 SP1	November 2019	Initial Release
Archer 6.7	December 2021	Re-Signed JavaScript file.
Archer 6.12	January 2023	Authentication and User Agent header update

Overview of Tenable.sc

The integration of Tenable.sc Asset Discovery with the Devices application in any of the below use cases enables customers to leverage the discovered devices and catalog those network devices within Archer.

Benefits

The Tenable.sc integration with Archer enables organizations to:

Catalog network devices on a corporate network.

Requirements

Components	Requirement
Archer Solution	Audit Management IT & Security Risk Management Regulatory & Corporate Compliance Management Third Party Management
Archer Use Case(s)	The following use cases can take advantage of the information provided by the Tenable.sc integration: Archer Audit Engagements & Workpapers Archer Third Party Governance Archer Business Continuity & Disaster Recovery Planning Archer IT Controls Assurance Archer IT Security Vulnerability Program Archer IT Risk Management Archer Cyber Incident & Breach Response Archer PCI Management Archer Information Security Management System (ISMS) Archer Data Governance
Archer Applications	Leverages the Devices application
Uses Custom Application	No
Requires On-Demand license	No
Archer requirements	Please refer “Tenable.sc Integration” page for version details
Tenable.sc Requirements	Valid Tenable.sc license is required

Integration diagram

The following diagram provides an overview of the interaction between Tenable.sc and the Archer Tenable.sc Integration offering.

Configure Tenable.sc Host

Important: Review the Tenable documentation for URLs with REST endpoints and other Tenable API best practices.

Configure the data feed

The following data feed is used as part of the Tenable.sc Integration process:

The Tenable.sc Host data feed is a JavaScript transporter data feed that retrieves data (Devices related data) from the Tenable.sc URL and creates and updates the records in the Archer Devices application.

The data feeds must be configured. After setting up the data feed, you can schedule it to run as needed per your organization’s requirements. For more inf.ormation on scheduling the data feed, see the Scheduling Data Feed section.

Configure the JavaScript Transporter Settings

Before you upload a JavaScript file, you must configure JavaScript Transporter settings in the Archer Control Panel.

On the General tab, go to the JavaScript Transporter section.
1. Open the Archer Control Panel.
2. Go to Instance Management and select All Instances.
3. Select the instance you want to use.
4. On the General tab, go to the JavaScript Transporter section.
In the Max Memory Limit field, set the value to 2048 MB (2 GB).
In the Script Timeout field, set the value to 120 minutes (2 hours).
(Optional) If you want to allow only digitally signed JavaScript files in the data feed, enable Require Signature.
1. In the JavaScript Transporter Settings section, select the checkbox Require Signature. A new empty cell appears in the Signing Certificate Thumbprints section.
2. In the Signing Certificate Thumbprints section, double-click an empty cell.
3. Enter the digital thumbprint of the trusted certificate used to sign the JavaScript file.
  
  Note: For information on how to obtain digital thumbprints, see Obtaining Digital Thumbprints.
  
  Important: If you enable Require Signature and specify no thumbprints, no JavaScript files will be accepted by the system.
4. (Optional) If you want to add additional thumbprint sources, repeat steps 4b-4c for each thumbprint.

On the toolbar, click Save.

Archer Technologies LLC cert in the Trusted Root CA Store

Archer Technologies LLC certificate is not present on every machine’s root by default.

On the JavaScript file, right-click and select Properties.
1. Click the Digital Signatures tab.
2. From the Signature List window, select Archer Technologies LLC.
3. Click the Details button.
4. Click View Certificate.
5. Click Install Certificate.
6. Select Local Machine.
7. Click Next.
8. Select Place all certificates in the following store and click Browse.
  1. Select Trusted Root Certification Authorities and click OK.
  2. Click Next.
  3. Click Finish.
Upon successful import, click OK.

Obtaining a Certificate Thumbprint

In the Archer Control Panel environment, open the Manage Computer Certificates program.
1. Click Start.
2. Type: certificate
3. From the search results, click Manage Computer Certificates.
Ensure that your trusted source certificates are in the Certificates sub-folder of the Trust Root Certification Authorities folder.
In the Certificates sub-folder, double-click the Archer Technologies LLC that contains the thumbprint you want to obtain.
Verify that the certificate is trusted.
1. In the Certificate window, click the Certification Path tab.
2. Ensure that the Certificate Status windows displays the following message:
  
  This certificate is OK
  
  Note: If the Certificate Status windows displays something different, follow the on-screen instructions.
Obtain the trusted certificate thumbprint.
1. In the Certificate window, click the Details tab.
2. Select the Thumbprint field.
  
  The certificate's digital thumbprint appears in the window.
3. Copy the thumbprint.

Download the Tenable.sc vulnerabilities (hosts) data feed

Download the zip file from the Archer Community..
Extract the zip file and copy the Tenable.sc Hosts Archer 6.12.dfx5 file.
Copy the “signed-TenableSC_1.0.17.js” JavaScript file.
Paste both the files into your desired location, which will be used in this integration.

Setup the Tenable.sc vulnerabilities (hosts) data feed

Important: Before you upload a JavaScript file, configure the JavaScript Transporter settings in the Archer Control Panel. For more information, see Configure the JavaScript Transporter Settings. Updates to the API files used in the JavaScript Transporter (signed-TenableSC_1.0.17.js) can only be achieved in a hosted environment with a Professional Services engagement. For more information, contact your account representative.

Go to the Manage Data Feeds page.
1. From the menu bar, click .
2. Under Integration, click Data Feeds.
In the Manage Data Feeds section, click Import.
Locate and select the Tenable.sc Hosts Archer 6.12.dfx5 file.
Click Open.
In the General Information section, in the Status field, select Active.
Click the Transport tab.
In the Transport Configuration section, do the following:
1. Click Upload.
2. From the Upload JavaScript File dialog, click Add New.
3. Locate and select the signed-TenableSC_1.0.17.js file.
4. Click Open.
5. From the Upload JavaScript File dialog, click OK.

In the Custom Parameters section, enter key values. The following table describes the value for each key in Custom Parameters.

Key	Value
accessKey	[Valid value]
secretKey	[Valid value]
dataSource	hosts
URL	[Valid value] For example, https://tenablesc.eastus.cloudapp.azure.com
ignoreLastRunTime	false
vulnSeverities	4,3,2,1
vulnDateFilterType	firstSeen
vulnLoadActive	true
vulnLoadPatched	true
verifyCerts	false
userAgent	Optional, Default Value=’ ARCHER DATAFEED CLIENT’

Note: The listed values are in place by default. They can be configured to suit your environment. Important: The keys and values are case-sensitive and cannot include extra spaces at the end of the strings.

(Optional) Add startOffset as a new key.

Note: The startOffset parameter specifies the first record in the range you want to retrieve, and the endOffset parameter specifies the last record in the range you want to retrieve. Use these parameters to parse data into consumable sizes. For more information, see the Tenable.sc API Best Practices Guide.
1. Click Add New.
2. Enter startOffset as the key.
3. Define a valid value for the startOffset key.
4. Click Add New.
5. Enter endOffset at the key.
6. Define a valid value for the endOffset key.

For each key type, determine whether you want it to be Protected or Plain Text. Selecting Protected encrypts the key value for the specified key in the log.

Click the Source Definition tab.

Click the Tokens subtab.

Verify token values. The following table describes token values to verify.

Token	Value
BatchContentSave	1000
LastRunTime	(Populated by feed)
LastFileProcessed	(Populated by feed)
PreviousRunContext	(Populated by feed)

Note: For more information about tokens, see Data Feed Tokens in Archer Help.

Verify that key field values are not missing from the data feed setup window.
Click Save.

Scheduling data feeds

When you schedule a data feed, the Data Feed Manager validates the information. If any information is invalid, an error message will display. You can save the data feed and correct the errors later, but that data feed is not processed until the errors are rectified.

Important: A data feed must be active and valid to successfully run.

Go to the Schedule tab of the data feed that you want to modify.
1. From the menu bar, click .
2. Under Integration, click Data Feeds.
3. Select the data feed that you want to modify.
4. Click the Schedule tab.
In the Recurrences section, enter the frequency, start and stop times, and time zone for the data feed.
(Optional) In the Run Data Feed Now section, click Start to override the data feed schedule and run the data feed immediately.
Click Save. The following table describes the fields in the Recurrences section.

Field	Description
Frequency	Specifies the interval in which the data feed runs. By minute: Runs the data feed by the minute interval set. For example, if you specify 45 in every list, the data feed executes every 45 minutes. Hourly: Runs the data feed by the hourly interval set. For example, every hour (1), every other hour (2), and so forth. Daily: Runs the data feed by the daily interval set. For example, every day (1), every other day (2), and so forth Weekly: Runs the data feed based on a specified day of the week. For example, every Monday of the first week (1), every other Monday (2), and so forth. Monthly: Runs the data feed based on a specified week of the month. For example, 1st, 2nd, 3rd, 4th, or last. Reference: Runs a specified data feed that will run before the current one. This option indicates to the Data Feed Service that this data feed starts as soon as the referenced data feed completes successfully. From the Reference Feed list, select after which existing data feed the current data feed starts. A reference data feed will not run when immediately running a data feed. The Data Feed Now option only runs the current data feed.
Every	Specifies the interval of the frequency in which the data feed runs.
Start Time	Specifies the time the data feed begins running.
Start Date	Specifies the date on which the data feed schedule begins.
Time Zone	Specifies the time zone in of the server that runs the data feed.

Test the data feed to ensure that all device details from Tenable.sc were imported into the Devices application. If testing fails, try verifying the data feed and re-run the data feed. If you experience multiple failures, please contact your Archer Partner.

Certification environment

Date tested: July 2024

Product Name	Version Information	Operating System
Archer Suite	Archer 6.12	Virtual Appliance
Tenable.sc	NA	NA