Tenable.io

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

TL;DR

Supported data types

3rd party detection

Hunters detection

IOC search

Search

Table name

Log format

Collection method

Tenable.io assets

tenable_io_assets

NDJSON

API

Tenable.io vulnerabilities

tenable_io_vulnerabilities

NDJSON

API


Overview

Tenable.io is a cloud-based vulnerability management platform that provides continuous visibility into security risks across IT assets, including cloud, containers, and on-premises systems. It helps organizations identify, assess, and prioritize vulnerabilities using real-time scanning and risk-based analytics. Tenable.io integrates with various security tools to streamline remediation efforts and improve overall cybersecurity posture.

Supported data types

Tenable.io assets

Table name: tenable_io_assets

Asset logs in Tenable.io are detailed records that track information about the assets within an organization's network. These logs are key to understanding the security and compliance status of each asset and play a vital role in effective vulnerability management.

Tenable.io vulnerabilities

Table name: tenable_io_vulnerabilities

Vulnerability logs in Tenable.io contain rich, actionable data about identified vulnerabilities, including but not limited to:

  • Vulnerability Details: Each log entry includes comprehensive information about the vulnerability, such as its name, description, severity rating, and the specific CVE (Common Vulnerabilities and Exposures) identifier, if applicable.

  • Affected Assets: Information on which assets are impacted by a particular vulnerability, providing insight into the scope and potential impact of the threat across the network.

  • Scan Results: Details from the scans that identified the vulnerabilities, including scan date, time, and the scanning policies used. This also helps in tracking the vulnerability discovery and remediation process over time.

Send data to Hunters

Hunters supports the collection of logs from Tenable.io using the API.

To connect Tenable.io logs:

  1. Follow this guide by Tenable to retrieve your Access and Secret Keys.

    📘Note

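    Make sure to generate the keys with Administrator permissions, as described in this article by Tenable. Because these keys carry administrator-level access to your Tenable.io account, handle them as secrets and do not copy them into tickets, chat messages, or shared documents.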

  2. Complete the process on the Hunters platform, following this guide.

    📘Note

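    The Access and Secret Keys shared with Hunters should be used only for the Hunters integration. Dedicated keys can be rotated or revoked without affecting any other integration.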

Expected format

Logs are expected in JSON format, as NDJSON (one JSON object per line). The examples below are pretty-printed for readability.

Tenable Asset Example

{
    "id": "uuid",
    "has_agent": false,
    "has_plugin_results": true,
    "created_at": "2022-01-01T01:01:11.111Z",
    "terminated_at": null,
    "terminated_by": null,
    "updated_at": "2022-01-01T01:22:01.111Z",
    "deleted_at": null,
    "deleted_by": null,
    "first_seen": "2022-01-01T01:22:01.111Z",
    "last_seen": "2022-01-01T01:22:01.111Z",
    "first_scan_time": "2022-01-01T01:22:01.111Z",
    "last_scan_time": "2022-01-01T01:22:01.111Z",
    "last_authenticated_scan_date": null,
    "last_licensed_scan_date": "2022-01-01T01:22:01.111Z",
    "last_scan_id": "uuid",
    "last_schedule_id": "template-id",
    "azure_vm_id": null,
    "azure_resource_id": null,
    "gcp_project_id": null,
    "gcp_zone": null,
    "gcp_instance_id": null,
    "aws_ec2_instance_ami_id": null,
    "aws_ec2_instance_id": null,
    "agent_uuid": null,
    "bios_uuid": null,
    "network_id": "00000000-0000-0000-0000-000000000000",
    "network_name": "Default",
    "aws_owner_id": null,
    "aws_availability_zone": null,
    "aws_region": null,
    "aws_vpc_id": null,
    "aws_ec2_instance_group_name": null,
    "aws_ec2_instance_state_name": null,
    "aws_ec2_instance_type": null,
    "aws_subnet_id": null,
    "aws_ec2_product_code": null,
    "aws_ec2_name": null,
    "mcafee_epo_guid": null,
    "mcafee_epo_agent_guid": null,
    "servicenow_sysid": null,
    "bigfix_asset_id": null,
    "agent_names": [],
    "installed_software": [],
    "ipv4s": [
        "10.10.10.10"
    ],
    "ipv6s": [],
    "fqdns": [],
    "mac_addresses": [],
    "netbios_names": [],
    "operating_systems": [
        "Linux"
    ],
    "system_types": [
        "general-purpose"
    ],
    "hostnames": [],
    "ssh_fingerprints": [],
    "qualys_asset_ids": [],
    "qualys_host_ids": [],
    "manufacturer_tpm_ids": [],
    "symantec_ep_hardware_keys": [],
    "sources": [
        {
            "name": "NESSUS_SCAN",
            "first_seen": "2022-01-01T01:22:01.111Z",
            "last_seen": "2022-01-01T01:22:01.111Z"
        }
    ],
    "tags": [],
    "network_interfaces": [
        {
            "name": "UNKNOWN",
            "virtual": null,
            "aliased": null,
            "fqdns": [],
            "mac_addresses": [],
            "ipv4s": [
                "10.10.10.10"
            ],
            "ipv6s": []
        }
    ]
}

Tenable Vulnerability Example

{
    "asset": {
        "device_type": "general-purpose",
        "hostname": "10.10.10.10",
        "uuid": "uuid",
        "ipv4": "10.10.10.10",
        "last_unauthenticated_results": "2022-04-04T04:04:04Z",
        "operating_system": [
            "Linux"
        ],
        "network_id": "00000000-0000-0000-0000-000000000000",
        "tracked": true
    },
    "output": "\nAn AMQP server was found :\n\n  Protocol : null\n  Version  : 0.0.1\n",
    "plugin": {
        "checks_for_default_account": false,
        "checks_for_malware": false,
        "cpe": [],
        "cvss3_base_score": 0,
        "cvss3_temporal_score": 0,
        "cvss_base_score": 0,
        "cvss_temporal_score": 0,
        "description": "The remote host is running an AMQP server",
        "exploit_available": false,
        "exploit_framework_canvas": false,
        "exploit_framework_core": false,
        "exploit_framework_d2_elliot": false,
        "exploit_framework_exploithub": false,
        "exploit_framework_metasploit": false,
        "exploited_by_malware": false,
        "exploited_by_nessus": false,
        "family": "Service detection",
        "family_id": 1,
        "has_patch": false,
        "id": 12345,
        "in_the_news": false,
        "name": "Advanced Message Queuing Protocol Detection",
        "modification_date": "2022-04-04T04:04:04Z",
        "publication_date": "2009-09-09T09:09:09Z",
        "risk_factor": "None",
        "see_also": [],
        "solution": "N/A",
        "synopsis": "A messaging service is listening on the remote host.",
        "type": "remote",
        "unsupported_by_vendor": false,
        "version": "1.0"
    },
    "port": {
        "port": 1234,
        "protocol": "TCP"
    },
    "scan": {
        "completed_at": "2022-03-04T04:04:04.040Z",
        "schedule_uuid": "template-id",
        "started_at": "2022-03-04T04:04:04.040Z",
        "uuid": "id"
    },
    "severity": "info",
    "severity_id": 0,
    "severity_default_id": 0,
    "severity_modification_type": "NONE",
    "state": "OPEN",
    "first_found": "2022-03-04T04:04:04.040Z",
    "last_found": "2022-04-04T04:04:04.040Z",
    "indexed": "2022-04-04T04:04:04.040Z",
    "sample_time": "2022-04-04T04:04:04.040Z"
}