DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
[ Edited ]
Adviser
Posts: 155
Registered: ‎09-09-2015
Adviser
Posts: 136

Hi there,

 

Infoblox and Tenable Security Center together enable security and incident response teams to leverage the integration of vulnerability scanners , IPAM and DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with Tenable Security Center works using Outbound API NIOS 8.2 feature.

 

 

All necessary templates are attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.

 

The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level

Extensible Attribute

Description

TNBL_Sync

Defines if an object should be synced with Tenable SC. Possible values: true, false

TNBL_SyncTime

Contains date/time when the object was synchronized, updated by the assets management template

TNBL_AddNet

Defines if a network should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID  will be updated.

TNBL_AddRange

Defines if a range should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID  will be updated.

TNBL_ScanOnEvnt

Defines if an asset should be scanned if RPZ or DNS Tunneling events were triggered

TNBL_ScanOnAdd

Defines if an asset should be scanned immediately after creation

TNBL_ScanTemplate

Defines a Tenable SC active scan which should be used for scans initiated by Infoblox. List of possible values should match active scan names on Tenable SC.

TNBL_ScanTemplateID

Internal attribute, which is used to store an active scan id.

TNBL_AssetIP

Defines a Static IP List name. List of possible values should match names of static IP lists on Tenable SC.

TNBL_AssetIPID

Internal attribute, which is used to store a static IP list id.

TNBL_AssetHost

Defines a Static DNS Names List name. List of possible values should match names of static DNS Names lists on Tenable SC.

TNBL_AssetHostID

Internal attribute, which is used to store a static DNS Name list id.

TNBL_ScanTime

Contains a date when an asset was scanned last time by a request from Infoblox

TNBL_AddByHostname

Defines if a host should be synced with Tenable SC using a hostname. Possible values: true, false

 

You can use attached PHP script to create these EAs (do not forget to update $NIOS_baseURL, $NIOS_User, $NIOS_PWD, $data variables based on your configuration)

 

The detailed description how the templates work and how to configure the integration you can find in these posts:

 

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov