API requirements for Tenable.sc
The IVR server requires a Tenable user account. A user leveraged to Tenable.sc IVR adapter needs compatible machines within the environment.
The Tenable account utilized for IVR should be assigned the default full access group, and auditor role permissions. This provides the account access needed to complete the dataflow. Additionally, the user can be defined using custom access permissions to limit the scope of assets retrieved by IVR. A group within Tenable can be limited by both the viewable hosts and the repositories. In general, the role of auditor should be leveraged as well, to follow the principle of least privileged. The IVR dataflow retrieves information only when the account has granted visibility to receive.
Tenable impact statement
IVR uses the pytenable library (developed by Tenable). IVR leverages a default batch size of 1000, which is conservative and is prescribed by Tenable. With the default settings, the Tenable.sc server should not see a noticeable impact when the IVR adapter is running.