This page walks you through setting up readonly Tenable.io VM for your Unified VRM, and ingesting Tenable.io VM data inside Unified VRM.
Before you begin
To complete this quickstart, including setting up a Tenable.io VM credential for your Unified VRM, you'll need to have:
- Tenable.io VM subscription
- Tenable.io Administrator role
- Unified VRM Admin privileges
To sync asset and vulnerability data from Tenable.io into Unified VRM, Tenable.io recommends creating a dedicated account with an administrator role.
Benefits of Tenable.io administrator role
Tenable.io administrator role enables use of the export API when integrating external systems. This provides the following benefits:
- Officially supported by Tenable and follows Tenable.io best practice.
- Sync Tenable.io tags, target groups and risk recasts.
- Faster sync and avoids API rate limits.
Tenable.io best practice for exporting assets and vulnerabilities
From page 29 of Tenable.io API Best Practices Guide:
The Tenable.io export API requires administrator role:
Supports Tenable.io elastic assets
Tenable.io's Asset UID is how Tenable.io tracks assets across IPs. Asset UIDs are only available via the export API and not available in scan files.
While the Asset Workbench API does support the Asset UID, it’s limited to 5,000 assets:
Faster sync and avoids API rate limits
Create a Tenable.io account with administrator role
Create an account for Unified VRM to download scans from customer’s Tenable.io VM account.
Step 1: Create a Unified VRM user account in Tenable.io VM
The following Tenable documentation shows how to create a user account.
Unified VRM requires an Administrator role per Tenable.io's API requirements.
Please use the following values when creating a new user:
- Username: uvrm@[customer domain]
- Full Name: UVRM
- Email: [customer’s email address]
- Role: Administrator
- Password: [choose a strong password]
Step 2: Provide NopSec with user credentials
Please provide the Unified VRM user account’s username and password to your Technical Account Manager by requesting a secure file delivery. Your Technical Account Manager will confirm API access shortly.
Troubleshooting: No asset groups in Unified VRM
Tenable.io Target Groups allow you to set which users have permission to see them. If the Tenable.io uvrm has "No access" permission against a target group, Unified VRM will not be able to import it.
The Tenable.io uvrm account must have either "Can Use" or "Can Scan" permission to import a target group. Alternatively, ensure the Tenable.io uvrm role is administrator.
More info here: About Target Groups (Tenable.io)