Skip to main content
Sign in

Creating an extended integration for Tenable Security Center assets

  • November 10, 2024 13:07
  • Updated

Integrate Tenable Security Center with Oomnitza to gain visibility of hosts.

Information about the hosts, including modification time, OS information, identification, and seen information, is synced with Oomnitza.

This integration leverages the Hosts API. For further information, see Tenable Security Center API Documentation: Hosts

Information

Credentials

For information on adding your Tenable Security Center credentials to Oomnitza, refer to Adding your Tenable Security Center credentials to Oomnitza.

API URL

Before you run the integration, you will be asked to supply your full API URL. Your URL will be in the format: https://sc.mycompany.org

Creating an asset integration

  1. In Oomnitza, click Configuration> Integrations> Overview.
  2. Click Block view block_view.PNG
  3. Scroll down to the Extended section for asset integrations.
  4. Click NEW INTEGRATION.
  5. Select the integration in the sidebar.
  6. Click ADD.

Integration details overview

More information is provided about the following fields to help you complete the integration:

Installation type

Select Cloud if you want to store credentials in the Oomnitza cloud.

Select Local if you want to store credentials locally. Local extended integrations do not support AWS and OAuth authentication. If you want to sync Oomnitza with vendor applications that require AWS or OAUTH authentication, select Cloud.

Integration preferences

By default, the option Create & Update option is selected. Select this option  when you want to edit records and add new records. If you want to edit records and not add new records, select Update Only. If you only want to add new records, select Create Only.

Integration details

To review or update the integrations details, click Edit edit_black_pencil_icon.svg.

  1. Update the integration name if necessary. 
  2. Select an installation type.
  3. For integration preferences, select an option.
  4. Enter the name of the integration user.

Credential details

If you selected Cloud as the installation type, choose one of the following options:

  • Select the credentials that were created for the integration.
  • Edit the credentials that were created for the integration.
  • Create new credentials

Schedule

By default, data is streamed to Oomnitza once every day.

You can configure the schedule to meet your needs such as changing the interval or changing the time so that the data is streamed when your system isn't busy.

  1. Click the Edit edit_black_pencil_icon.svg.
  2. Configure your schedule.
  3. Click Update.

Mappings

To map the fields to Oomnitza, click Edit edit_black_pencil_icon.svg.

TipBulb_Icon_small.svgYou can define rules for your integration by selecting Edit integration edit_integration.svg on the mapping page. For example, you may only want to run the integration if a certain contact or region exists. See Filtering integration results.  
You can add new fields to your integration by selecting Add new field  add_grey_rectangel_icon.svg on the mapping page. All you need to do is specify the property name. See Creating custom API fields. 

Creating custom mappings

Map the Tenable SC fields to Oomnitza fields and create custom mappings to get the user information that you need.

To take advantage of workflows, ensure you map the following fields to Oomnitza:

Complete the following actions:

  1. Click Smart Mapping to automatically detect appropriate mapping fields. Values from the integration can also be dragged to the appropriate field on the Oomnitza side, or selected from the integration field dropdown.
  2. Create a custom mapping for the ID. Complete the following steps:
    1. Click the down arrow on the field.
    2. Select Add new Oomnitza field.
    3. Change the name of the field to Tenable SC ID.
    4. Select the Unique checkbox.
    5. Click CREATE
  3. Assign a sync key to a unique field, such as the ID. 
  4. Click UPDATE.

Standard Oomnitza mappings

The following fields can be mapped to Oomnitza: 

First Seen
ID
IP Address
MAC Address
Name
OS
Operating System
TenableUUID
UUID
acr
aes
lastSeen
modifiedTime
netBiosWorkgroup
repID
source
systemType

Launching the integration

Your integration is in Draft mode until the required mandatory fields are added. When added, click Launch to activate your integration. 

small_blue_link.svg If you selected Cloud as the installation type when creating the integration, see Running an extended integration

small_blue_link.svg If you selected Local as the installation type when creating the integration, see Running an extended integration locally.

Viewing data ingested by Oomnitza

Viewing ingested asset data

For asset integrations, click Hardware. If the asset integration also ingests software data, click Software.

Viewing ingested user data

For user integrations, click People. If you chose the option to ingest User and SaaS user data, click Software > SaaS, click the SaaS app, and then click the Users tab. 

Related Links

Related articles

Comments

0 comments

Please sign in to leave a comment.