
Tenable Security Center - Advanced App Configuration Guide

Updated this week

This guide provides the information needed to configure the Tenable Security Center Advanced App.

The Tenable Security Center app collects security alert logs from Tenable and can be scheduled to collect data every 15 minutes. Users can use the app to create scans in Tenable through response actions in USM Anywhere.

CONFIGURATION

Permissions needed:

  • Valid host name

  • Access Token

  • Secret Token

For directions on enabling and generating API keys from Tenable, visit their documentation here: Enable API Key Authentication (Tenable Security Center 6.5.x)

  • Click the Save button to save the credentials.

  • Once the status is green, the app is configured successfully.

ACTIONS PAGE

The Actions tab provides a link to the Tenable Security Center API Reference Guide and shows the available response action, Create Scan for Alerts.

The API reference link redirects to the Tenable Security Center API Reference Guide.

The Create Scan for Alerts action is listed in the Actions tab.

SCHEDULER PAGE

The Tenable Security Center app has a default scheduler to fetch events every 15 minutes.

Users can change the scheduler time from the UI by toggling the enable option and editing the scheduler time.

The Tenable Security Center Alert API doesn’t support pagination. On the first run after the app is reset, the scheduler therefore fetches the alert logs for all time and saves the “Created Time” of the last alert. On each subsequent scheduled run, it checks whether any logs were generated after that “Created Time” and pushes only those to USMA, which avoids duplicate logs.
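
The checkpoint behavior described above, sketched as an added example (not the app's own code). The `id` and `createdTime` field names, the `fetch_all` and `push` callables, and the `state` dictionary are assumptions made for illustration, and the sample alerts are constructed.

```python
from typing import Callable, Dict, List, Optional

Alert = Dict[str, str]

def scheduled_run(fetch_all: Callable[[], List[Alert]],
                  state: Dict[str, int],
                  push: Callable[[List[Alert]], None]) -> List[str]:
    """One scheduler run against an API without pagination.

    `state` stands in for the app's persisted checkpoint and is empty
    after a reset. Returns the ids of the alerts pushed in this run.
    """
    checkpoint: Optional[int] = state.get("last_created_time")
    # No pagination: every run receives the complete alert list.
    alerts = sorted(fetch_all(), key=lambda a: int(a["createdTime"]))
    if checkpoint is None:
        fresh = alerts  # first run after reset: all-time fetch
    else:
        # Strictly "after": an alert sharing the checkpoint's timestamp
        # is treated as already forwarded.
        fresh = [a for a in alerts if int(a["createdTime"]) > checkpoint]
    if fresh:
        push(fresh)
        # Advance the checkpoint only once the push has returned.
        state["last_created_time"] = int(fresh[-1]["createdTime"])
    return [a["id"] for a in fresh]

# Constructed sample data (not real Tenable output).
SAMPLE: List[Alert] = [
    {"id": "1", "createdTime": "1700000000"},
    {"id": "2", "createdTime": "1700000600"},
]

def demo() -> List[List[str]]:
    store: List[Alert] = list(SAMPLE)
    state: Dict[str, int] = {}
    forwarded: List[Alert] = []
    runs = [scheduled_run(lambda: store, state, forwarded.extend)]      # after reset
    runs.append(scheduled_run(lambda: store, state, forwarded.extend))  # nothing new
    store.append({"id": "3", "createdTime": "1700000600"})  # same second as checkpoint
    store.append({"id": "4", "createdTime": "1700001500"})
    runs.append(scheduled_run(lambda: store, state, forwarded.extend))
    return runs

if __name__ == "__main__":
    print(demo())
```

In this sketch the third run forwards only alert 4: alert 3 carries the same timestamp as the saved checkpoint, so a strictly-after comparison counts it as already seen.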

ACTIONS

Users can create a scan for alerts using the response action from the events and/or the alarms page.

When initiating the action, you'll see a Policy ID. Select a policy and repository from the drop-down and click Run.

If the app is configured correctly, you will receive a sensor action success notification once the action is run.

In the app configuration, you'll now see that the Orchestration Action Count has increased when an action is run.

The created scan will then be available in the Tenable portal.

If your app has not been configured correctly, then the actions will not be available to perform.

HISTORY PAGE

For every successful run of the scheduler, a success message along with the number of events fetched is displayed in the schedulers page. If the scheduler fails to fetch the logs, an error message is displayed.

You can also expand on the history to see details about user actions.
