API requirements for Tenable.io
- User with Administrator user role within Tenable
- All Assets set to Can View. For more information, see Tenable Permissions.
To generate the user's API keys:
- In the Tenable.io web user interface, click the button on the top right corner
of the header.
- Click the My account button. The user account menu appears.
- Select API Keys from the left-hand navigation.
- Click the Generate button in the lower right part of the browser.
- Acknowledge the warning by clicking Continue in the pop-up box.
- Tenable.io generates a new access key and secret key. Copy the two generated keys
and paste them into the IVR configuration page to enable the interface. Be sure to
copy the access and secret keys to a safe location, as the keys are displayed only
once. After the tab is closed, the API keys cannot be retrieved from Tenable.io.
Once the API keys are generated, you can proceed with the Deployment process. In the Deployment Fixlet, you will need to provide the Access Key and the Secret Key.
Refer to this page for more information about User Roles and Permissions: https://docs.tenable.com/tenableio/Content/Settings/UserRoles.htm
With the API keys generated, you can validate the API credentials by using the curl commands below:
- Get Vuln Export UUID:
curl --request POST --url https://cloud.tenable.com/vulns/export --header "Accept: application/json" --header "Content-Type: application/json" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"
- Get Vuln Export Status for given UUID:
curl --request GET --url https://cloud.tenable.com/vulns/export/21a70c98-8e8d-4b64-b7e0-4c57a245126f/status --header "Accept: application/json" --header "Content-Type: application/json" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"
- Get Chunk 1 of vuln data for given UUID:
curl --request GET --url https://cloud.tenable.com/vulns/export/21a70c98-8e8d-4b64-b7e0-4c57a245126f/chunks/1 --header "Accept: application/octet-stream" --header "X-ApiKeys: accessKey=redactedaccesskey; secretKey=redactedsecretkey"
In each example above, replace ‘redactedaccesskey’ and ‘redactedsecretkey’ with the same API keys/credentials as those being used for the integration. Also, for API calls 2 and 3, replace the example UUID in the request URL (21a70c98-8e8d-4b64-b7e0-4c57a245126f) with the UUID value returned from API call 1.
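The three validation calls above can also be run as one script. This is an added example, not part of the original page or the product's own tooling: it hands the keys to curl through a config read from stdin, so they do not appear in the process list or shell history, and it checks the returned UUID before placing it in a URL. The environment variable names TIO_ACCESS_KEY and TIO_SECRET_KEY, the function names, and the `export_uuid` response field are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: the keys are exported
# as TIO_ACCESS_KEY / TIO_SECRET_KEY (names chosen here) and call 1 returns
# JSON with an "export_uuid" field.
BASE_URL="https://cloud.tenable.com"

# Emit a curl config line carrying the auth header. It is fed to curl on stdin
# (--config -), so the keys stay out of argv, process listings and shell history.
auth_config() {
    [ -n "${TIO_ACCESS_KEY:-}" ] && [ -n "${TIO_SECRET_KEY:-}" ] || return 1
    printf 'header = "X-ApiKeys: accessKey=%s; secretKey=%s"\n' \
        "$TIO_ACCESS_KEY" "$TIO_SECRET_KEY"
}

# Extract the UUID from the call-1 response; accept it only if well formed,
# because it is interpolated into the URLs of calls 2 and 3.
extract_uuid() {
    uuid=$(printf '%s\n' "$1" |
        sed -n 's/.*"export_uuid"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1)
    printf '%s\n' "$uuid" |
        grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 1
    printf '%s\n' "$uuid"
}

# Arguments: method, path, Accept type. --fail turns HTTP 401/403 into an error.
tio_call() {
    auth_config | curl --silent --show-error --fail --config - \
        --request "$1" --url "$BASE_URL$2" \
        --header "Accept: $3" --header "Content-Type: application/json"
}

validate_keys() {
    auth_config >/dev/null || { echo "set TIO_ACCESS_KEY and TIO_SECRET_KEY" >&2; return 1; }
    resp=$(tio_call POST /vulns/export application/json) ||
        { echo "call 1 failed: check keys and user role" >&2; return 1; }
    uuid=$(extract_uuid "$resp") ||
        { echo "no valid export UUID in response" >&2; return 1; }
    tio_call GET "/vulns/export/$uuid/status" application/json || return 1
    echo
    # Chunk 1 can only be fetched once the export has produced it.
    tio_call GET "/vulns/export/$uuid/chunks/1" application/octet-stream \
        >/dev/null || { echo "chunk 1 not retrievable yet" >&2; return 1; }
    echo "all three calls succeeded for export $uuid"
}

# Run the live check only when invoked as: sh validate_tio.sh run
if [ "${1:-}" = "run" ]; then validate_keys; fi
```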