New
Join our webinar! Building a customizable and extensible cloud asset inventory at scale
CloudQuery News

Introducing the new Tenable Source Integration

Ştefan Muraru

Ştefan Muraru

Tenable offers cybersecurity solutions that help organizations identify, assess, and manage vulnerabilities across their IT and operational technology environments, enhancing overall cyber resilience.
The new Tenable CloudQuery Source Integration enhances cloud security by enabling comprehensive vulnerability management and asset visibility, empowering organizations to proactively identify and mitigate risks in their cloud environments.
With the latest release, the CloudQuery Tenable Source Integration supports fetching the following resources from Tenable:

Use cases #

Let's look at a few use cases to help you get started.

Severe vulnerabilities #

It's crucial to stay on top of known vulnerabilities in your code, especially the higher the severity. You can use this SQL query below to pull out all open high & critical vulnerabilities.
select
    output, severity
from
    tenable_tvm_vulnerabilities as v
where
    v.severity_id >= 3 and v.state = 'OPEN'
In this example, we're using Postgres as our destination as it allows us to use some advanced SQL querying methods against our vulnerability data from Tenable.
Remember you can always add more filters, so you can easily find which assets need fixing. For example, to group vulnerability findings by assets, you can run the following query:
select
    a.id as asset_id,
    a.fqdns as asset_fqdn,
    count(*) as count
from
    tenable_tvm_vulnerabilities as v
    join tenable_tvm_assets as a on v.asset_id = a.id
where
    v.severity_id >= 3 and v.state = 'OPEN'
group by a.id, a.fqdns

Asset inventory alerts #

It's tough keeping track of all assets in your inventory, especially on multiple cloud providers with multiple accounts, distributed amongst multiple teams. However, Tenable's discovery through Nessus scans can build up an inventory of those assets. Next, it's as easy as running the following query to retrieve the assets tied to a specific platform:
select
    *
from
    tenable_tvm_assets as a
where
    'gcp-instance' = ANY (a.system_types);
Or, going further, you can setup alert notifications by using the results of the following query that searches for GCP instances that were first discovered in the last week:
select
    a.fqdns as asset_fqdn,
    a.ipv4s as asset_ipv4,
    a.ipv6s as asset_ipv6,
    a.gcp_zone as asset_gcp_zone,
    a.gcp_project_id as asset_gcp_project_id,
    a.gcp_instance_id as asset_gcp_instance_id
from
    tenable_tvm_assets as a
where
    a.first_seen >= now() - interval '1 week'
    and 'gcp-instance' = ANY (a.system_types);

Getting Started #

To get started syncing Tenable data, see the Tenable Source Integration documentation for instructions.

Incremental data #

To prevent repeated syncing of the same data CloudQuery supports incremental tables. We designed part of the Tenable tables to be incremental, as the size of audit logs can quickly get out of control, especially for the tenable_tvm_vulnerabilities one.
To take advantage of this feature be sure to add the backend_options field to your sync spec.
For example, to sync from Tenable to Postgres you could use the following configuration (remember to update the versions and add your own credentials):
kind: source
spec:
  name: tenable
  path: cloudquery/tenable
  registry: cloudquery
  version: "v2.x.x"
  tables:
    - "*"
  destinations: ["postgresql"]
  backend_options:
    table_name: "cq_state_tenable"
    connection: "@@plugins.postgresql.connection"
  spec:
    access_key: "${TENABLE_ACCESS_KEY}"
    secret_key: "${TENABLE_SECRET_KEY}"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  registry: cloudquery
  version: "v8.x.x"
  spec:
    connection_string: "${POSTGRES_DSN}"

Ready to get started with CloudQuery? You can try out CloudQuery locally with our quick start guide or explore the CloudQuery Platform (currently in beta) for a more scalable solution.
Got feedback or suggestions? Join the CloudQuery community to connect with other users and experts, or message our team directly here if you have any questions.
Ştefan Muraru

Written by Ştefan Muraru

Team Lead, Senior Backend Engineer

Turn cloud chaos into clarity

Find out how CloudQuery can help you get clarity from a chaotic cloud environment with a personalized conversation and demo.

Join our mailing list

Subscribe to our newsletter to make sure you don't miss any updates.

Legal

© 2024 CloudQuery, Inc. All rights reserved.

We use tracking cookies to understand how you use the product and help us improve it. Please accept cookies to help us improve. You can always opt out later via the link in the footer.