Hi there,
Infoblox and Tenable Security Center together enable security and incident response teams to leverage the integration of vulnerability scanners , IPAM and DNS security to enhance visibility, manage assets, ease compliance and automate remediation. This video shows how the integration with Tenable Security Center works using Outbound API NIOS 8.2 feature.
All necessary templates are attached to this post. The templates are provided “as-is”, please check them in you Lab environment and modify for your needs before implementing them in production.
The templates require Extensible Attributes, described in the table below. It is recommended to inherit attributes with the default values from the network view level
|
Extensible Attribute
|
Description
|
|
TNBL_Sync
|
Defines if an object should be synced with Tenable SC. Possible values: true, false
|
|
TNBL_SyncTime
|
Contains date/time when the object was synchronized, updated by the assets management template
|
|
TNBL_AddNet
|
Defines if a network should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID will be updated.
|
|
TNBL_AddRange
|
Defines if a range should be added to assets. Possible values: true, false. If TNBL_AddNet is false but TNBL_Sync is true, TNBL_AssetIPID and TNBL_AssetHostID will be updated.
|
|
TNBL_ScanOnEvnt
|
Defines if an asset should be scanned if RPZ or DNS Tunneling events were triggered
|
|
TNBL_ScanOnAdd
|
Defines if an asset should be scanned immediately after creation
|
|
TNBL_ScanTemplate
|
Defines a Tenable SC active scan which should be used for scans initiated by Infoblox. List of possible values should match active scan names on Tenable SC.
|
|
TNBL_ScanTemplateID
|
Internal attribute, which is used to store an active scan id.
|
|
TNBL_AssetIP
|
Defines a Static IP List name. List of possible values should match names of static IP lists on Tenable SC.
|
|
TNBL_AssetIPID
|
Internal attribute, which is used to store a static IP list id.
|
|
TNBL_AssetHost
|
Defines a Static DNS Names List name. List of possible values should match names of static DNS Names lists on Tenable SC.
|
|
TNBL_AssetHostID
|
Internal attribute, which is used to store a static DNS Name list id.
|
|
TNBL_ScanTime
|
Contains a date when an asset was scanned last time by a request from Infoblox
|
|
TNBL_AddByHostname
|
Defines if a host should be synced with Tenable SC using a hostname. Possible values: true, false
|
You can use attached PHP script to create these EAs (do not forget to update $NIOS_baseURL, $NIOS_User, $NIOS_PWD, $data variables based on your configuration)
The detailed description how the templates work and how to configure the integration you can find in these posts:
Any feedback and/or questions are appreciated and very welcome.
BR,
Vadim Pavlov
