DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Hi there,

 

Infoblox and Tenable Security Center together enable security and incident response teams to leverage the integration of vulnerability scanners, IPAM and DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with Tenable Security Center works using the Outbound API NIOS 8.2 feature.

 

 

All necessary templates are attached to this post. The templates are provided “as-is”; please check them in your lab environment and modify them for your needs before implementing them in production.

 

The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level.

| Extensible Attribute | Description |
|---|---|
| TNBL_Sync | Defines if an object should be synced with Tenable SC. Possible values: true, false |
| TNBL_SyncTime | Contains date/time when the object was synchronized, updated by the assets management template |
| TNBL_AddNet | Defines if a network should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID will be updated. |
| TNBL_AddRange | Defines if a range should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID will be updated. |
| TNBL_ScanOnEvnt | Defines if an asset should be scanned if RPZ or DNS Tunneling events were triggered |
| TNBL_ScanOnAdd | Defines if an asset should be scanned immediately after creation |
| TNBL_ScanTemplate | Defines a Tenable SC active scan which should be used for scans initiated by Infoblox. List of possible values should match active scan names on Tenable SC. |
| TNBL_ScanTemplateID | Internal attribute, which is used to store an active scan id. |
| TNBL_AssetIP | Defines a Static IP List name. List of possible values should match names of static IP lists on Tenable SC. |
| TNBL_AssetIPID | Internal attribute, which is used to store a static IP list id. |
| TNBL_AssetHost | Defines a Static DNS Names List name. List of possible values should match names of static DNS Names lists on Tenable SC. |
| TNBL_AssetHostID | Internal attribute, which is used to store a static DNS Name list id. |
| TNBL_ScanTime | Contains a date when an asset was scanned last time by a request from Infoblox |
| TNBL_AddByHostname | Defines if a host should be synced with Tenable SC using a hostname. Possible values: true, false |

 

You can use the attached PHP script to create these EAs (do not forget to update the $NIOS_baseURL, $NIOS_User, $NIOS_PWD and $data variables based on your configuration).

 

You can find a detailed description of how the templates work and how to configure the integration in these posts:

 

Any feedback and/or questions are appreciated and very welcome.

BR,

Vadim Pavlov

 

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Tenable Scan template (TenableScan.json.txt) was updated.

 

BR,

Vadim

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 2
Registered: ‎06-14-2018
New Member
Posts: 2

FYI re: php script... an addition of the following cURL optional parameter might be needed to allow the PHP script to work correctly. Also, don't forget to uncomment the cURL extension in the file php.ini (extension=curl) if PHP gives a curl_init() function not found error:

 

    CURLOPT_SSL_VERIFYHOST => false,

 

So the entire definition of curl_setopt_array() from TNBL_create_EAs.php looks like this:

 

#extensibleattributedef

  $ch = curl_init();
  curl_setopt_array($ch,array(
    CURLOPT_USERPWD => $NIOS_User . ":" . $NIOS_PWD,   // HTTP basic auth credentials
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_SSL_VERIFYPEER => false,                   // certificate chain is not validated
    CURLOPT_SSL_VERIFYHOST => false,                   // certificate name is not checked against the host
    CURLOPT_VERBOSE => true,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_RETURNTRANSFER => true,                    // return the response instead of printing it
    CURLOPT_HTTPHEADER => array('Content-Type: application/json')
    )
  );
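
An alternative to switching verification off, shown as an added example (not part of the original post or of TNBL_create_EAs.php): keep both TLS checks enabled and point cURL at a PEM file with the CA or certificate the Grid presents. The host name, WAPI version, CA file path and the ENUM attribute type are assumptions.

```php
<?php
// Added example, not part of TNBL_create_EAs.php.
// Placeholders (assumptions): host, WAPI version, CA file path.
$NIOS_baseURL = 'https://gm.example.com/wapi/v2.7/';
$NIOS_User    = 'admin';
$NIOS_PWD     = getenv('NIOS_PWD') ?: '';
$NIOS_CAFile  = __DIR__ . '/nios-ca.pem'; // CA or Grid certificate exported as PEM

function nios_post(string $url, string $user, string $pwd, string $caFile, array $body): string
{
    if (!is_readable($caFile)) {
        throw new RuntimeException("CA file not readable: $caFile");
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_USERPWD        => $user . ':' . $pwd,
        CURLOPT_CUSTOMREQUEST  => 'POST',
        CURLOPT_POSTFIELDS     => json_encode($body),
        CURLOPT_SSL_VERIFYPEER => true,    // validate the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,       // certificate must match the host in $url
        CURLOPT_CAINFO         => $caFile, // CA bundle used to verify the peer
        CURLOPT_TIMEOUT        => 30,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HTTPHEADER     => array('Content-Type: application/json'),
    ));
    $resp  = curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    $code  = curl_getinfo($ch, CURLINFO_HTTP_CODE);

    // libcurl 51/60: certificate or host name rejected; 77: CA file unusable.
    if (in_array($errno, array(51, 60, 77), true)) {
        throw new RuntimeException("TLS verification failed ($errno): $error");
    }
    if ($resp === false || $code >= 400) {
        throw new RuntimeException("WAPI request failed (HTTP $code): $error $resp");
    }
    return $resp;
}

// Constructed sample body: one EA from the table; the ENUM type is an assumption.
$data = array(
    'name'        => 'TNBL_Sync',
    'type'        => 'ENUM',
    'list_values' => array(array('value' => 'true'), array('value' => 'false')),
);
echo nios_post($NIOS_baseURL . 'extensibleattributedef',
               $NIOS_User, $NIOS_PWD, $NIOS_CAFile, $data), "\n";
```

A TLS failure here means the PEM file does not match the certificate the Grid serves or the URL uses a name the certificate does not cover; fixing either keeps the credentials sent by CURLOPT_USERPWD on a verified connection.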

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Good catch!

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 2
Registered: ‎05-28-2014
New Member
Posts: 1

Hi,

  I am trying to build the environment on NIOS 6.4.0 with Tenable SC 5.9.0.

  The Asset is not limited to the IP that triggers the RPZ/Network. The scan job would scan all networks in the Asset. Do I miss anything?

 

 

 

2019-03-15_17-08-19.png, 2019-03-15_17-09-29.png

 

 

 

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 7
Registered: ‎10-26-2017
New Member
Posts: 5

I think it is worth noting that you are on a very old version of NIOS. Per the Deployment Guide, you need to be at 8.2 at a minimum. You also need the Security Ecosystem License which is not supported in that version.

 

From the Guide requirements:

 

Infoblox:

1. NIOS 8.2 or higher

2. Security Ecosystem License

3. Outbound API integration templates

4. Prerequisites for the templates (e.g. configured and set extensible attributes)

Jason Ciotti
Federal Sales Systems Engineer
jciotti@infobloxfederal.com
Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Looks like there is a typo. You are running NIOS 8.4.0.

Do not define an asset group in a scan IP; define a dummy IP instead.

Unfortunately Tenable has some limitations if you want to trigger a scan for a single IP, so the scan process works this way:

- A scan template should be created and it should contain all required configuration. It must be configured with a dummy IP (e.g. 10.0.0.1) as a scan target instead of an asset group.

- OutAPI copies the scan template.

- OutAPI replaces the dummy IP with an IP which should be scanned.

- OutAPI executes the scan.

 

Vadim

 

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 6
Registered: ‎03-21-2020
New Member
Posts: 6

Hello Dears,

Kindly help with the exact notification values and settings, as I didn't find any in the docs.

And the video was ready and configured, not showing the exact breakdown of the settings.

your support

Thanks in advance.

1.JPG

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 6
Registered: ‎03-21-2020
New Member
Posts: 6

This is the photo I meant. I want the details of the rules and conditions inside; there is no info in the video or doc.

thx

 

1.JPG

 

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

In a notification you select which template to execute and what the endpoint will be. It is straightforward.

You cannot select a template if it does not support the notification type.

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 6
Registered: ‎03-21-2020
New Member
Posts: 6

Hello,

thanks for your support.

But I still have an issue, e.g. in DNS tunneling I couldn't work out how to make the rule, because there is nothing in the docs or the video; it's already configured. I want the condition inside the notification itself.

E.g. for add net or host I set the condition "Network View" inside "Default", so all is good, but I still need help with DNS tunneling.

thx

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 6
Registered: ‎03-21-2020
New Member
Posts: 6

Hello Dear,

thanks for your support

I found the issue

I have to choose match CIDR, then put network 10.0.0.0/8, and it will work.

thx.

 

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Yep. I forgot that you should add a filter for the events. These events will be triggered only for the 10.0.0.0/8 network. Depending on the event type you can add it per network view, network, event type etc.

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 2
Registered: ‎07-19-2021
New Member
Posts: 2

Hi Vadim,

 

I am using this to sync IPv4 network IPAM objects on NIOS 8.6.1, but it seems that our existing network objects will not trigger the notification and get synced with Tenable. It is only newly created network objects that are synced. Is there a way to get this to work with existing network objects?

Also I noticed that deleted IPAM network objects don't get removed from Tenable. Is that a feature of this integration?

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
Adviser
Posts: 172
Registered: ‎09-09-2015
Adviser
Posts: 82

Yes. The existing networks should be synced up by a 3rd party script or you may modify the existing script to trigger on changes and "touch" every existing object so they will be pushed as well.

Regarding the "delete function": likely it is not supported due to the way Tenable SC handles individual IPs and limitations of the "meta scripting language".

Re: DEMO VIDEO & TEMPLATES. INTEGRATION WITH TENABLE SECURITY CENTER
New Member
Posts: 3
Registered: ‎11-02-2023
New Member
Posts: 3

Hello,

 

Thanks for providing the templates for Integration. My integration is working well. Does anyone know if there are plans to support Asset deletion from Tenable in the future? If not, has anyone written code to make it successfully work?

 

Bryan 
