Skip to content
No description, website, or topics provided.
Python
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
tenable_asc Upped revision to 1.0.1 #1 Dec 3, 2019
.gitignore initial commit Nov 1, 2019
changelog.md Upped revision to 1.0.1 #1 Dec 3, 2019
readme.md Update readme Nov 22, 2019
setup.py

readme.md

Tenable.io for Azure Security Center

Please Note: This script leverages preview APIs for Azure Security Center (ASC). While this is expected, the API may change unexpectedly on the Microsoft side. However, we plan to update this integration as Microsoft updates their APIs for ASC.

This integration is designed to pull Tenable.io vulnerabilities from Azure assets and summarize (count) them by severity. Once the vulnerabilities are summarized for each Azure asset, the integration creates an Azure Security Center recommendation for each host. The recommendation includes a summary of the number of vulnerabilities on each host and lists them by severity.

This integration can be run as a one-shot ingest or continuous service.

Requirements

  • A working Azure connector in your Tenable.io instance
  • A set of Azure credentials for the integration to use. You will need to know the App Secret, App ID, and Tenant ID. See the Azure documentation for instructions.
  • A set of Tenable.io API keys with the Administrator role. See the Tenable.io Generate API Key Instructions for more information.
  • A host to run the script on. This can be located anywhere as the integrations is linking cloud-to-cloud.

Setup

pip install .

Options

The following script details, both, command-line arguments and equivalent environment variables.

Usage: tenable-asc [OPTIONS]

  Tenable.io -> Azure Security Center Transformer & Ingester

Options:
  --tio-access-key TEXT     Tenable.io Access Key
  --tio-secret-key TEXT     Tenable.io Secret Key
  -b, --batch-size INTEGER  Export/Import Batch Sizing
  -v, --verbose             Logging Verbosity
  -r, --run-every INTEGER   How many hours between recurring imports
  --auth-uri TEXT           Azure Security Center authentication URI
  --azure-uri TEXT          Azure Security Center API base URI
  --azure-app-id TEXT       Azure Security Center application id
  --azure-tenant-id TEXT    Azure Security Center tenant id
  --azure-app-secret TEXT   Azure Security Center application secret
  --help                    Show this message and exit.

Example Usage

Run the import once:

tenable-asc                                     \
    --tio-access-key {TIO_ACCESS_KEY}           \
    --tio-secret-key {TIO_SECRET_KEY}           \
    --azure-app-id {AZURE_APP_ID}               \
    --azure-tenant-id {AZURE_TENANT_ID}         \
    --azure-app-secret {AZURE_APP_SECRET}

Run the import once an hour:

tenable-asc                                     \
    --tio-access-key {TIO_ACCESS_KEY}           \
    --tio-secret-key {TIO_SECRET_KEY}           \
    --azure-app-id {AZURE_APP_ID}               \
    --azure-tenant-id {AZURE_TENANT_ID}         \
    --azure-app-secret {AZURE_APP_SECRET}
    --run-every 1

Changelog

Visit the CHANGELOG

You can’t perform that action at this time.