API requirements for Tenable.io

To ensure that IVR can retrieve the essential vulnerability data from Tenable, it is necessary to meet the following requirements:
  • A user with the Administrator user role within Tenable
  • All Assets set to Can View. For more information, see Tenable Permissions.

To generate the user's API keys:

  1. In the Tenable.io web user interface, click the button on the top right corner of the header.


  2. Click the My account button. The user account menu appears.


  3. Select API Keys from the left-hand navigation.


  4. Click the Generate button in the lower right part of the browser.


  5. Acknowledge the warning by clicking Continue in the pop-up box.


  6. Tenable.io generates a new access key and secret key. Copy the two generated keys and paste them into the IVR configuration page to enable the interface. Be sure to copy the access and secret keys to a safe location, because the keys are displayed only once. After the tab is closed, the API keys cannot be retrieved from Tenable.io.


    Once the API keys are generated, you can proceed with the Deployment process. In the Deployment Fixlet, you will need to provide the Access Key and the Secret Key.

    Refer to this page for more information about User Roles and Permissions: https://docs.tenable.com/tenableio/Content/Settings/UserRoles.htm

    With the API keys generated, you can validate the API credentials by using the curl commands below:
    1. Get Vuln Export UUID:

      curl --request POST --url https://cloud.tenable.com/vulns/export --header "Accept: application/json" --header "Content-Type: application/json" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"

    2. Get Vuln Export Status for given UUID:

      curl --request GET --url https://cloud.tenable.com/vulns/export/21a70c98-8e8d-4b64-b7e0-4c57a245126f/status --header "Accept: application/json" --header "Content-Type: application/json" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"

    3. Get Chunk 1 of vuln data for given UUID:

      curl --request GET --url https://cloud.tenable.com/vulns/export/21a70c98-8e8d-4b64-b7e0-4c57a245126f/chunks/1 --header "Accept: application/octet-stream" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"

      In each example above, replace ‘redactedaccesskey’ and ‘redactedsecretkey’ with the same API keys/credentials as those being used for the integration. Also, for API calls 2 and 3, replace the example UUID in the request URL (21a70c98-8e8d-4b64-b7e0-4c57a245126f) with the UUID value returned from API call 1.
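
The three calls above chained into one script, as an added example that is not part of the original page: it reads the keys from environment variables and passes the `X-ApiKeys` header to curl on stdin, so the secret key stays out of shell history and process listings. The variable names `TENABLE_ACCESS_KEY` and `TENABLE_SECRET_KEY`, the output file `chunk1.json`, and the response fields `export_uuid` and `status` (with the values `QUEUED`, `PROCESSING`, `FINISHED`) are assumptions not stated on this page.

```shell
# Added example, not from the original page. Assumed names: TENABLE_ACCESS_KEY,
# TENABLE_SECRET_KEY, chunk1.json, and the JSON fields export_uuid / status.
BASE_URL="https://cloud.tenable.com"

# Print the value of a string field from a JSON object on stdin (no jq needed).
json_field() {  # $1 = field name
    sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# Accept only a well-formed UUID before it is placed in a request URL.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# One API call. The X-ApiKeys header reaches curl through --config on stdin,
# so the keys never appear in curl's argument list.
api() {  # $1 = method, $2 = path, $3 = Accept value
    printf 'header = "X-ApiKeys: accessKey=%s; secretKey=%s"\n' \
        "$TENABLE_ACCESS_KEY" "$TENABLE_SECRET_KEY" |
    curl --silent --show-error --fail --config - \
        --request "$1" --url "$BASE_URL$2" \
        --header "Accept: $3" --header "Content-Type: application/json"
}

validate_credentials() {
    # Call 1: start the export and capture its UUID.
    uuid=$(api POST /vulns/export application/json | json_field export_uuid)
    is_uuid "$uuid" || { echo "no export UUID returned" >&2; return 1; }
    # Call 2: poll the status until the export finishes.
    while :; do
        status=$(api GET "/vulns/export/$uuid/status" application/json |
            json_field status)
        case "$status" in
            FINISHED) break ;;
            QUEUED|PROCESSING) sleep 5 ;;
            *) echo "export status: ${status:-unknown}" >&2; return 1 ;;
        esac
    done
    # Call 3: download chunk 1 of the vulnerability data.
    api GET "/vulns/export/$uuid/chunks/1" application/octet-stream > chunk1.json
}

# Contact the API only when both keys are present in the environment.
if [ -n "${TENABLE_ACCESS_KEY:-}" ] && [ -n "${TENABLE_SECRET_KEY:-}" ]; then
    validate_credentials
else
    echo "export TENABLE_ACCESS_KEY and TENABLE_SECRET_KEY first" >&2
fi
```

A failure at call 1 with valid-looking keys usually points at the role or asset permission requirements listed at the top of this page rather than at the keys themselves.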