Tenable

Tenable Scan template (TenableScan.json.txt) was updated.

BR,

Vadim

FYI re: php script... an adition of the following cURL optional parameter might be needed to allow the PHP script to work correctly, also, don't forget to uncomment out the cURL extension in the file php.ini  (extension=curl) if php gives a curl_init() function not found error:

    CURLOPT_SSL_VERIFYHOST => false,

So the entire definition of curl_setopt_array() from TNBL_create_EAs.php looks like this:

#extensibleattributedef

  $ch = curl_init();
  curl_setopt_array($ch,array(
    CURLOPT_USERPWD => $NIOS_User . ":" . $NIOS_PWD,
    CURLOPT_CUSTOMREQUEST => "POST",
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_SSL_VERIFYHOST => false,
   CURLOPT_VERBOSE => true,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => array('Content-Type: application/json')
    )
  );

Good catch!

I think it is worth noting that you are on a very old version of NIOS. Per the Deployment Guide, you need to be at 8.2 at a minimum. You also need the Security Ecosystem License which is not supported in that version.

From the Guide requirements:

Infoblox:

1. NIOS 8.2 or higher

2. Security Ecosystem License

3. Outbound API integration templates

4. Prerequisites for the templates (e.g. configured and set extensible attributes)

Looks like there is a typo. You are running NIOS 8.4.0.

Do not define asset group in a scan IP, define a dummy IP instead.

Unfortunately Tenable some limitations if you want to a trigger scan for a single IP so the scan process work this way:

- a scan template should be created and it should contain all required configuration. It must be configured with a dummy IP (e.g. 10.0.0.1) as a scan target instead of an asset group.

- OutAPI copies the scan template.

- OutAPI replace the dummy IP with an IP which should be scanned.

- OutAPI execute the scan.

Vadim

Hello Dears,

Kindly you help with exact notifications values and setting as I didn't find any in the docs.

and the vidoe was ready and configured not showing the exact break down settings.

your support

thanks in advanced.

this photo I ment I want the details of inside rules and conditions.. no info in the video or doc.

thx

In a notification you select which template to execute and what will be an endpoint. It is straight forward.

You can not select a template if it is not supporting the notification type.

Hello,

thanks for your support.

but I still have issue e.g. in DNS tunelling I couln't know how I can make the rule cause nothing in docs or video it's already configured I want the condition inside the notification it self.

e.g for add net or host I did condition "Network View" inside "Default" so all is good but still need help for dns tuneling

thx

Hello Dear,

thanks for your support

I found the issue

I have to choose match CIDR then put network 10.0.0.0/8 it will work

thx.

Yep. Forgot about that you should add a filter for the events. These events will be triggered only for 10.0.0.0/8 network. Depending on an event type you can add it per network view, network, evet type etc.

Hi Vadim,

I am using this to sync IPv4 network IPAM objects on NIOS 8.6.1, but it seems that our existing network objects will not trigger the notification and get synced with Tenable. It is only newly created network objects that are synced. Is there a way to get this to work with exsiting network objects?

Also I noticed that deleted IPAM network objects don't get removed from Tenable. Is that a feature of this integration?

Yes. The existing networks should be synced up by a 3rd party script or you may modify the existing script to trigger on changes and "touch" every existing object so they will be pushed as well.

Regarding "delete function" likley it is not support due to the way how Tenable SC handles individual IPs and limitations of the "meta scripting language".

Hello,

Thanks for providing the templates for Integration.   My integration is working well.   Does anyone know if there are plans to support Asset deletion from Tenable in the future?   If not has anyone written code to make it successfully work?  

Bryan