
Introducing the new Tenable Source Integration

Ştefan Muraru


Tenable offers cybersecurity solutions that help organizations identify, assess, and manage vulnerabilities across their IT and operational technology environments, enhancing overall cyber resilience.
The new Tenable CloudQuery Source Integration enhances cloud security by enabling comprehensive vulnerability management and asset visibility, empowering organizations to proactively identify and mitigate risks in their cloud environments.
With the latest release, the CloudQuery Tenable Source Integration supports fetching the following resources from Tenable:

Use cases

Let's look at a few use cases to help you get started.

Severe vulnerabilities

It's crucial to stay on top of known vulnerabilities in your code, especially those of higher severity. You can use the SQL query below to pull all open high and critical vulnerabilities.

```sql
select
    output, severity
from
    tenable_tvm_vulnerabilities as v
where
    -- severity_id >= 3 selects high and critical findings
    v.severity_id >= 3 and v.state = 'OPEN'
```

In this example, we're using Postgres as our destination because it allows us to use some advanced SQL querying methods against our vulnerability data from Tenable.
Remember that you can always add more filters to easily find which assets need fixing. For example, to group vulnerability findings by asset, you can run the following query:
```sql
select
    a.id as asset_id,
    a.fqdns as asset_fqdn,
    count(*) as count
from
    tenable_tvm_vulnerabilities as v
    join tenable_tvm_assets as a on v.asset_id = a.id
where
    v.severity_id >= 3 and v.state = 'OPEN'
group by a.id, a.fqdns
```

Asset inventory alerts

It's tough keeping track of all assets in your inventory, especially across multiple cloud providers with multiple accounts, distributed amongst multiple teams. However, Tenable's discovery through Nessus scans can build up an inventory of those assets. From there, retrieving the assets tied to a specific platform is as easy as running the following query:

```sql
select
    *
from
    tenable_tvm_assets as a
where
    'gcp-instance' = ANY (a.system_types);
```

Or, going further, you can set up alert notifications by using the results of the following query, which searches for GCP instances that were first discovered in the last week:
```sql
select
    a.fqdns as asset_fqdn,
    a.ipv4s as asset_ipv4,
    a.ipv6s as asset_ipv6,
    a.gcp_zone as asset_gcp_zone,
    a.gcp_project_id as asset_gcp_project_id,
    a.gcp_instance_id as asset_gcp_instance_id
from
    tenable_tvm_assets as a
where
    a.first_seen >= now() - interval '1 week'
    and 'gcp-instance' = ANY (a.system_types);
```
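
The two use cases above can be combined into a single triage query: GCP instances first seen in the last week that already have open high or critical findings, with a per-severity count for each asset. This is an added example, not a query from the original post; it uses only the tables and columns that appear in the queries above and assumes that `severity_id` 3 means high and anything above it means critical.

```sql
-- Added example (not from the original post).
-- Newly discovered GCP instances that already carry open severe findings.
-- Assumption: severity_id = 3 is "high" and severity_id > 3 is "critical",
-- consistent with the "high & critical" filter (severity_id >= 3) used earlier.
select
    a.id as asset_id,
    a.fqdns as asset_fqdn,
    a.gcp_project_id as asset_gcp_project_id,
    a.gcp_zone as asset_gcp_zone,
    a.first_seen,
    -- Postgres FILTER clause: count each severity band separately
    count(*) filter (where v.severity_id = 3) as open_high,
    count(*) filter (where v.severity_id > 3) as open_critical
from
    tenable_tvm_assets as a
    join tenable_tvm_vulnerabilities as v on v.asset_id = a.id
where
    a.first_seen >= now() - interval '1 week'
    and 'gcp-instance' = ANY (a.system_types)
    and v.severity_id >= 3
    and v.state = 'OPEN'
group by
    a.id, a.fqdns, a.gcp_project_id, a.gcp_zone, a.first_seen
order by
    -- worst assets first, so an alert can act on the top rows
    open_critical desc, open_high desc;
```

Because this is an inner join, new instances without any open high or critical finding do not appear in the result; the inventory query above still covers those.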

Getting Started

To get started syncing Tenable data, see the Tenable Source Integration documentation for instructions.

Incremental data

To prevent repeated syncing of the same data, CloudQuery supports incremental tables. We designed some of the Tenable tables to be incremental, as the size of audit logs can quickly get out of control, especially for the tenable_tvm_vulnerabilities table.
To take advantage of this feature, be sure to add the backend_options field to your sync spec.
For example, to sync from Tenable to Postgres you could use the following configuration (remember to update the versions and add your own credentials):
```yaml
kind: source
spec:
  name: tenable
  path: cloudquery/tenable
  registry: cloudquery
  version: "v2.x.x"
  tables:
    - "*"
  destinations: ["postgresql"]
  backend_options:
    table_name: "cq_state_tenable"
    connection: "@@plugins.postgresql.connection"
  spec:
    access_key: "${TENABLE_ACCESS_KEY}"
    secret_key: "${TENABLE_SECRET_KEY}"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  registry: cloudquery
  version: "v8.x.x"
  spec:
    connection_string: "${POSTGRES_DSN}"
```

Ready to get started with CloudQuery? You can try out CloudQuery locally with our quick start guide or explore the CloudQuery Platform (currently in beta) for a more scalable solution.
Got feedback or suggestions? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.

Written by Ştefan Muraru

Team Lead, Senior Backend Engineer


© 2024 CloudQuery, Inc. All rights reserved.
