Integrating Security Center (Tenable.sc) with Tenable.io
Tenable.sc is an amazing analytical tool for on-prem vulnerability management. It’s very common for Tenable.sc customers to purchase Tenable.io for small footprints or for the cloud-native capabilities Tenable.io offers.
However, there is no official integration between Tenable.io and Tenable.sc for internal scans. External scans and agents are the only scans that are integrated into Tenable.sc.
The integration is simple: export .nessus files from Tenable.io and import them into Tenable.sc via the API using Python. Luckily, no coding is needed, thanks to the Tenable.io Swiss Army knife, navi.
Let’s get started…
First, you need to install Python 3. Log into Tenable.sc via SSH and run the command below to install it.
sudo yum install python3
Next, you need to install navi, a command-line tool for Tenable.io.
sudo pip3 install navi-pro
Now, you need to grab your authentication keys from Tenable.io and from Tenable.sc. These are needed for navi to log into both products and export and import scans.
In Tenable.io, navigate to My Account → API Keys → Generate keys
Now enter your keys into navi at the command line, from your home directory, as shown below:
navi keys --a access_key --s secret_key
Now, log into T.sc and grab your API keys. Right-click on your user and click Generate API keys. A prompt like below will be shown:
Okay, let’s grab the scan IDs we want to import into Tenable.sc. The below navi command will show you all of the scans available to the navi user in Tenable.io.
navi display scans
Before we can download and import our scan ‘5000’, we need to grab the repository ID for where we want the data to land in Tenable.sc. So let’s log back into Tenable.sc as an admin and create a new Repo called “Navi Test”.
After creating it, click on the new repo and select Edit. Grab the repo ID from the URL string.
Alright, now we can begin to move scan 5000 to the new repo. First, let’s take a look at the syntax navi requires to integrate T.io with T.sc.
Finally, let’s construct our command. The ‘--host’ option expects the IP address or the FQDN of Tenable.sc. My lab’s is 192.168.128.200, as shown below.
navi scan bridge --a 040db538c34f42238c9a7a2d0a94ee8a --s 0eb43c4190bb4632b142dde140d03200 --host 192.168.128.200 --scanid 5000 --repoid 56
Verify the data is in the new repo by logging into T.sc.
Last, you will need to put this command (and others, assuming you want to integrate more than one scan) in a cron job. Schedule the navi command to run after your scan job completes.
For advanced workflows, you could start a scan and follow its progress using navi scan commands, but that is beyond the scope of this article!
Let’s finish the integration with a cron job. Cron runs from the home directory, so make sure you run the ‘navi keys’ command in your home directory to build the navi.db; otherwise this won’t work.
sudo crontab -e
If you wanted to run the integration every day at midnight, the below would suffice. For more help with the cron format, check out the Crontab Generator.
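An added example, not part of the original article or the navi project: a cron wrapper around the bridge command shown earlier. It reads the Tenable.sc keys from an owner-only file instead of the crontab, checks that navi.db exists in the home directory, and bridges more than one scan. SC_KEY_FILE, SCAN_MAP, NAVI_BIN and the script path are assumed names, and `stat -c` assumes a Linux host.

```shell
#!/bin/sh
# Added example: cron wrapper for the article's `navi scan bridge` command.
# Assumed names (not from the article): SC_KEY_FILE, SCAN_MAP, NAVI_BIN.

SC_HOST="${SC_HOST:-192.168.128.200}"             # Tenable.sc address from the article's lab
SC_KEY_FILE="${SC_KEY_FILE:-$HOME/.sc_api_keys}"  # line 1: access key, line 2: secret key
SCAN_MAP="${SCAN_MAP:-5000:56}"                   # space-separated scanid:repoid pairs
NAVI_BIN="${NAVI_BIN:-navi}"                      # set a full path if cron's PATH lacks navi

# Accept the key file only if it exists and nobody but its owner can read it.
key_file_ok() {
    [ -f "$1" ] || return 1
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *) return 1 ;;
    esac
}

# Bridge every scanid:repoid pair. Runs in a subshell, so the cd and the key
# variables do not leak into the caller. Exit status is the number of failed
# bridges, or 97-99 for a setup problem.
bridge_scans() (
    key_file_ok "$SC_KEY_FILE" || { echo "refusing key file: $SC_KEY_FILE" >&2; exit 99; }
    { read -r access; read -r secret; } < "$SC_KEY_FILE"
    # navi reads the Tenable.io keys from navi.db in the working directory.
    [ -f "$HOME/navi.db" ] || { echo "no navi.db in $HOME; run 'navi keys' there" >&2; exit 98; }
    cd "$HOME" || exit 97
    failures=0
    for pair in $SCAN_MAP; do
        "$NAVI_BIN" scan bridge --a "$access" --s "$secret" --host "$SC_HOST" \
            --scanid "${pair%%:*}" --repoid "${pair##*:}" || failures=$((failures + 1))
    done
    exit "$failures"
)

# Crontab entry for every day at midnight (script path is a placeholder):
#   0 0 * * * /path/to/navi-bridge.sh run
if [ "${1:-}" = "run" ]; then
    bridge_scans
fi
```

Create the key file with `chmod 600` before the first run; the keys are still passed to navi as arguments, so they remain visible in the process list while the command runs.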
All right, that’s all folks!
Now scan 5000 will be downloaded every day at midnight and imported into Tenable.sc!
We integrated Tenable.sc and Tenable.io without writing any code!