Tenable.io

[jamiehynds]

Description

Tenable.io allows security and audit teams to share multiple Nessus, Nessus Agent, and Nessus Network Monitor scanners, scan schedules, scan policies, and scan results among an unlimited set of users or groups. Tenable is comparable to Tenable.sc in terms of functionality, but based in the cloud and delivered as SaaS.

Architecture

Tenable.io provides an API - https://developer.tenable.com/docs/get-started

Integration release checklist

This checklist is intended for integrations maintainers to ensure consistency
when creating or updating a Package, Module or Dataset for an Integration.

All changes

• Change follows the contributing guidelines
• Supported versions of the monitoring target are documented
• Supported operating systems are documented (if applicable)
• Integration or System tests exist
• Documentation exists
• Fields follow ECS and naming conventions
• At least a manual test with ES / Kibana / Agent has been performed.
• Required Kibana version set to:

New Package

• Screenshot of the "Add Integration" page on Fleet added

Dashboards changes

• Dashboards exists
• Screenshots added or updated
• Datastream filters added to visualizations

Log dataset changes

• Pipeline tests exist (if applicable)
• Generated output for at least 1 log file exists
• Sample event (sample_event.json) exists

[elasticmachine]

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

[LaZyDK]

Any updates to this one? :)

[NateUT99]

Is this still actively being worked on? Would love to be able to take advantage of Kibana for vulnerability reporting, and metadata enrichment for security alerts/cases.

[jamiehynds]

@LaZyDK @NateUT99 we'll be starting on the Tenable.io shortly. We were blocked until recently, as we needed to modify our httpjson input to cater for the way Tenable's API works. I'll update you both as soon as we have something to share.