Skip to main content
All CollectionsConnectionsProvider
Tenable Vulnerability Management Connection
Tenable Vulnerability Management Connection

This article walks through the details of configuring Tenable Vulnerability Management to connect to Drata.

Updated over a month ago

Connecting Tenable Vulnerability Management to Drata allows for the automated, continuous monitoring of SLA due dates and evidence collection of vulnerabilities issues required for compliance.

This integration automates evidence collection for the Vulnerability Scanning test, which is mapped to DCF-18 by default. You can view findings by selecting the View Findings button after connecting or navigating directly to the Vulnerabilities page through the left-side navigation menu.

Prerequisite

  • Create a Tenable API key with the correct configurations. You will need the client key and secret key to connect to Drata. You will receive these values after creating the Tenable API key.

    1. Log into your Tenable account .

    2. Before creating the API key, ensure that the user account has the following permissions. You may need to create these permissions if they do not exist:

      • Role: Basic User.

      • Permissions: Can View

      • Objects: All Assets

    3. After ensuring the user account has the correct permissions, create the Tenable API key. You can access this by selecting Settings > API Keys.

    4. Once the API key is generated, ensure to save the Access Key (Client Key) and Secret Key values. You will need these values to connect Tenable to Drata.

Note: Drata will pull up to 1,000 new or updated vulnerabilities for each connection daily, ordered by severity from critical to low. You can select what kind of vulnerabilities will be synced based on the severity when connecting.

Connect Tenable Vulnerability Management to Drata

  1. Select Connections from the left-side navigation menu.

  2. Go to the Available Connections tab and search for "Tenable Vulnerability Management".

    • Alternatively, you can select Vulnerability Scanning under the Types section of the connections to search for the connection.

  3. In the connection drawer, you can select the severity and the date of the vulnerabilities you want to sync. These selections will also be included in the test result report for visibility.

    • Severity of vulnerabilities: Select the severity level of the vulnerabilities that you want to sync into Drata for compliance monitoring. Critical and High are auto-selected. Drata will bring up to 1000 new vulnerabilities or updates to vulnerabilities, sorted by severity.

    • First seen on: Select the date when the vulnerabilities you want to sync were first created. All vulnerabilities detected on and after this date will be synced.

  4. Select the connect button to proceed.

  5. Enter your Client Key and Secret Key for the read-only Tenable API key you created. The role should be set to Basic, with Can View permissions for the necessary assets.

Once the connection is successfully created, you can select the View Findings button on the connection card or navigate to the Vulnerabilities page to review and manage the synced vulnerabilities for compliance monitoring. Learn more at Vulnerabilities help article.

Did this answer your question?