SaltStack SecOps Vulnerability supports importing security scans generated by a variety of third-party vendors. In the Connectors workspace you can configure settings to import scan results from a connector. SaltStack SecOps Vulnerability currently includes a connector integration with Tenable.io.

Once configured, a connector allows you to import vulnerability scan results from Tenable.io into SaltStack SecOps Vulnerability. Then, in addition to remediating vulnerabilities, SaltStack SecOps Vulnerability also exports asset data into Tenable.io.

To import vulnerabilities through a connector, first configure your connector by providing the third party’s API keys. Once you have saved your connector, go to SaltStack SecOps Vulnerability to import your scan results to a vulnerability policy.

For more on importing results, see SaltStack SecOps Vulnerability.

Configuring a connector

  1. Click Settings > Connectors on the side menu.

    In the left column, the Tenable.io connector is selected.

  2. Enter the required details for your Tenable.io connector. For more on the Connector information fields, see Connector settings.
  3. Click Save.

    SaltStack SecOps Vulnerability authenticates your API keys with Tenable.io. You can now use the connector to import results from Tenable.io scans. For more on importing from your connector, see Importing scan results from a connector.

Connector settings

Enter information in the following fields to configure your connector.

Field

Description

Secret Key and Access Key

Key pair required to authenticate with the connector API. For more on generating your keys, see the Tenable.io documentation.

URL

Base URL for API requests. This defaults to https://cloud.tenable.com.

Days since

Query Tenable.io scan history beginning this number of days ago. Leave blank to query an unlimited period of time.

When you use a connector to import scan results, SaltStack SecOps Vulnerability uses the most recent results per node available within this period.

Note:

To ensure your policy contains the latest scan data, make sure to rerun your import after each scan. SaltStack SecOps Vulnerability does not poll Tenable.io for the latest scan data automatically.

Connectors and user access

By default, all SaltStack Config users can access the Connectors workspace. However, permission to run Vulnerability Vendor Import, as well as a SaltStack SecOps Vulnerability license, are required for a user to successfully import vulnerabilities from a connector.

For more on configuring user access, see Roles and permissions.