Tenable VM

Tenable VM

The Tenable VM integration in the Praetorian Guard Platform (PGP) provides continuous visibility into your organization's vulnerability posture by connecting directly with your Tenable.io Vulnerability Management instance. This integration automatically discovers assets and vulnerabilities from your Tenable.io scans, incorporating them into PGP's continuous threat exposure management platform.

Key Features

  • Automated Asset Discovery: Automatically imports assets from Tenable.io scans into PGP

  • Vulnerability Analysis: Processes and imports vulnerability findings with detailed metadata

  • CVSS Score Integration: Maps Tenable severity ratings to PGP's risk framework using CVSS scores

  • Daily Synchronization: Runs on a scheduled basis to import new scan results and findings

  • Smart Deduplication: Intelligently consolidates duplicate findings across multiple scans

Prerequisites

Before setting up the Tenable VM integration, you'll need:

  1. An active Tenable.io account with access to create users and generate API keys

  2. API access keys from Tenable.io (Access Key and Secret Key)

  3. Access to your PGP instance

Setup Instructions

Set or Confirm Service Account Permissions

First, make sure Tenable VM has a permission that grants Can View access to All Assets. PGP needs to assign this permission to the service account you'll create in the next step.

Log in to your Tenable console and navigate to Settings > Access Control.

Click the Permissions tab.

Verify that a permission exists granting Can View access to All Assets.

If no such permission exists, create one. Click Create Permission.

Configure the permission to allow Can View for All Assets, assign it to the appropriate users or groups, and click Save.

Create a Service Account in Tenable VM

Next, create a dedicated service account for PGP to use when connecting to Tenable VM.

From Settings > Access Control, open the Users tab.

Click Create User.

Enter a Name, Username, Email, and password, and set the Role to Standard User.

Enable API Key Authentication, then click Next.

Optionally, add the user to a user group.

Assign the Can View All Assets permission, then click Save.

Generate API Keys

Next, generate API keys for the new service account.

In Settings > Access Control > Users, click the service account you just created. Scroll to the API Keys section and click More to expand the options.

Click Generate API Keys.

Click Replace & Generate to create the new keys.

Copy and securely store both the Access Key and Secret Key β€” you'll need them in the next step, and Tenable will not display them again.

Configure the Integration in PGP

In PGP, open Integrations from the left navigation (under Administration, near the bottom).

Click Add Integration.

Under Vulnerability Management, find the Tenable VM card and click Integrate.

Enter your connection details:

  • Tenable VM URL

  • Access Key

  • Secret Key

Then choose what data PGP should import:

  • Import Assets β€” imports and scans all external assets from Tenable VM

  • Import Vulnerabilities β€” imports external vulnerabilities and their associated assets

Once configured, PGP will import data daily based on your selected import settings.

For assistance with integration setup or optimization, contact our support team at support@praetorian.com.