announcement
product

Introducing the new Tenable Source Plugin

Ştefan Muraru

Ştefan Muraru

Tenable offers cybersecurity solutions that help organizations identify, assess, and manage vulnerabilities across their IT and operational technology environments, enhancing overall cyber resilience.
The new Tenable CloudQuery Source Plugin enhances cloud security by enabling comprehensive vulnerability management and asset visibility, empowering organizations to proactively identify and mitigate risks in their cloud environments.
With the latest release, the CloudQuery Tenable Source Plugin supports fetching the following resources:

Use cases

Let's look at a few use cases to help you get started.

Severe vulnerabilities

It's crucial to stay on top of known vulnerabilities in your code, especially the higher the severity. You can use this SQL query below to pull out all open high & critical vulnerabilities.
select
    output, severity
from
    tenable_tvm_vulnerabilities as v
where
    v.severity_id >= 3 and v.state = 'OPEN'
In this example, we're using Postgres as our destination as it allows us to use some advanced SQL querying methods against our vulnerability data from Tenable.
Remember you can always add more filters, so you can easily find which assets need fixing. For example, to group vulnerability findings by assets, you can run the following query:
select
    a.id as asset_id,
    a.fqdns as asset_fqdn,
    count(*) as count
from
    tenable_tvm_vulnerabilities as v
    join tenable_tvm_assets as a on v.asset_id = a.id
where
    v.severity_id >= 3 and v.state = 'OPEN'
group by a.id, a.fqdns

Asset inventory alerts

It's tough keeping track of all assets in your inventory, especially on multiple cloud providers with multiple accounts, distributed amongst multiple teams. However, Tenable's discovery through Nessus scans can build up an inventory of those assets. Next, it's as easy as running the following query to retrieve the assets tied to a specific platform:
select
    *
from
    tenable_tvm_assets as a
where
    'gcp-instance' = ANY (a.system_types);
Or, going further, you can setup alert notifications by using the results of the following query that searches for GCP instances that were first discovered in the last week:
select
    a.fqdns as asset_fqdn,
    a.ipv4s as asset_ipv4,
    a.ipv6s as asset_ipv6,
    a.gcp_zone as asset_gcp_zone,
    a.gcp_project_id as asset_gcp_project_id,
    a.gcp_instance_id as asset_gcp_instance_id
from
    tenable_tvm_assets as a
where
    a.first_seen >= now() - interval '1 week'
    and 'gcp-instance' = ANY (a.system_types);

Getting Started

To get started syncing Tenable data, see the Tenable source plugin documentation for instructions.

Incremental data

To prevent repeated syncing of the same data CloudQuery supports incremental tables. We designed part of the Tenable tables to be incremental, as the size of audit logs can quickly get out of control, especially for the tenable_tvm_vulnerabilities one.
To take advantage of this feature be sure to add the backend_options field to your sync spec.
For example, to sync from Tenable to Postgres you could use the following config (remember to update the versions and add your own credentials):
kind: source
spec:
  name: tenable
  path: cloudquery/tenable
  registry: cloudquery
  version: "v2.x.x"
  tables:
    - "*"
  destinations: ["postgresql"]
  backend_options:
    table_name: "cq_state_tenable"
    connection: "@@plugins.postgresql.connection"
  spec:
    access_key: "${TENABLE_ACCESS_KEY}"
    secret_key: "${TENABLE_SECRET_KEY}"
---
kind: destination
spec:
  name: postgresql
  path: cloudquery/postgresql
  registry: cloudquery
  version: "v8.x.x"
  spec:
    connection_string: "${POSTGRES_DSN}"

Ready to dive deeper?
Join the CloudQuery Discord community to connect with other users and experts.
Subscribe to product updates

Be the first to know about new features.


© 2024 CloudQuery, Inc. All rights reserved.