# Tenable

## About <a href="#about" id="about"></a>

The Tenable Vulnerability Management NetoFuse module provides enriched asset context to Netography Fusion from Tenable Vulnerability Management. It connects to the Tenable API to retrieve asset, vulnerability, and scanner information and then uploads it as [Context Labels](/enrich-traffic-with-context/labels.md) to the Netography Fusion API.

{% hint style="info" %}
**☁️NetoFuse Modules: Cloud deployment vs. On-Prem deployment**

This page documents how to add and configure the NetoFuse module for an on-prem deployment with a container or Python package. If you want to use the cloud deployment model and have this integration run in the Netography Fusion SaaS, you can add it as a context integration in the Netography Fusion Portal instead by consulting the [Context Integrations](/enrich-traffic-with-context/configure-context-integrations.md) documentation.
{% endhint %}

## API Configuration Parameters <a href="#api-configuration-parameters" id="api-configuration-parameters"></a>

All the fields required for this integration are listed here, along with the corresponding environment variable name used to set that field in the NetoFuse module.

| Tenable Field | Required | NetoFuse Environment Variable            | Description        |
| ------------- | -------- | ---------------------------------------- | ------------------ |
| API Key       | Yes      | `NETO__TENABLE__CREDENTIALS__ACCESS_KEY` | Tenable API Key    |
| API Secret    | Yes      | `NETO__TENABLE__CREDENTIALS__SECRET`     | Tenable API Secret |

## Tenable VM Configuration <a href="#tenable-vm-configuration" id="tenable-vm-configuration"></a>

### Generate a Tenable API Key <a href="#generate-a-tenable-api-key" id="generate-a-tenable-api-key"></a>

Login to your Tenable account and generate an API key at:\
<https://cloud.tenable.com/tio/app.html#/settings/my-account/api-keys>

See Tenable documentation if this link has changed or you have any questions about this process: <https://docs.tenable.com/vulnerability-management/Content/Settings/my-account/GenerateAPIKey.htm>

## `tenablevm` NetoFuse Module Configuration <a href="#tenablevm-netofuse-module-configuration" id="tenablevm-netofuse-module-configuration"></a>

All the fields required for this integration are listed above in the [API Configuration Parameters](#api-configuration-parameters) section above. See [Configure > module](/netofuse/configure.md#module) for additional options for setting configuration fields and [Security Considerations](https://docs.netography.com/netofuse/security-considerations) for additional options for setting credentials.

### Advanced Configuration Options <a href="#advanced-configuration-options" id="advanced-configuration-options"></a>

The following configuration options are available for the module.

| Configuration Option | Description                                                                                                                                                                                                                                                                                             | Default Value |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- |
| `include_asset_data` | If set to false, no asset data is retrieved, only the vulnerabilities.                                                                                                                                                                                                                                  | `False`       |
| `filters`            | Filters to apply to asset and vulnerability API calls. More information on this object here: <https://developer.tenable.com/reference/exports-assets-request-export>. If another configuration option is already available for the specific filter you want to use, use that one instead of this field. | `None`        |
| `cidr_range`         | Corresponds to the `cidr_range` filter setting                                                                                                                                                                                                                                                          | `None`        |
| `severity`           | <p>Comma-separated list of severities to include in vulnerability results.<br>Note that anything less than <code>high</code> is likely to create many context labels that are of low value, which should be avoided.</p>                                                                                | `high`        |
| `networks`           | A comma-separated list of network names. If it is set, the only assets or vulnerabilities included are those in one of the specified networks.                                                                                                                                                          | `None`        |
| `tags`               | A tag to filter assets returned by. A tag has a category name and a value, so the value of this should be written as `“category=value"`.                                                                                                                                                                | `None`        |
| `scanner_details`    | If set to true, retrieve the list of scanners (filtered by the networks and CIDR field above).                                                                                                                                                                                                          | `True`        |

#### Default `tenablevm` Module Configuration <a href="#default-tenablevm-module-configuration" id="default-tenablevm-module-configuration"></a>

{% tabs %}
{% tab title="YAML" %}

```
  tenablevm:
    include_asset_data: true
    scanner_details: true
    cidr_range:  # 10.0.11.0/24
    networks:    # Default
    tags:        # testing=Test 1
    filters:
    credentials:
      access_key:
      secret:
    transform:
      ipv4s:
        context: ip
      ipv6s:
        context: ip
      plugin.cve:
        context: cve
      plugin.cvss3_base_score:
        context: cvss_score
      severity:
        context: cvss_rating
      asset.operating_system:
        context: os
        function:
          function: transform_os
      # Scanner Transform
      ip_addresses:
        context: ip
      scanner_name:
        context: scanner_name
      scanner_product:
        context: scanner_product
      scanner_allowed:
        context: scanner_allowed
```

{% endtab %}
{% endtabs %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.fusion.vectra.ai/netofuse/modules/tenable.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.