This note describes how to configure Tenable.io as a provider for Dome9. Once configured, Tenable can send events to Dome9, which can be viewed on the Dome9 Alerts page.
Configure Tenable.io as to send alerts to Dome9
- Sign-in to Tenable (cloud.tenable.com) ,and navigate to the Settings page.
- Navigate to the Users page, in the left navigation pane.
- Create a new Tenable user, with role Administrator.
- Select the new user from the list of users, to open it.
- Click on the new user from the list of users, to open it.
- Select the API Keys tab, and click Generate.
- Copy the API Access Key and Secret Key.
- Sign-in to the Dome9 web app, and navigate to the Account Settings page in the Administration menu.
- Paste the Tenable API Access Key and Secret Key, copied from the previous step, in the Tenable section in the Integrations tab.
- Click Save Changes
View Tenable.io alerts on Dome9
Once your Tenable.io account is configured to send alerts to Dome9, you can view them on the Dome9 Alerts page.
Only alerts for entities that are part of of cloud accounts that are onboarded to Dome9 will appear on the Alerts page.
To see Tenable.io alerts on Dome9:
- Navigate to the Alerts page (in the Administration menu).
- In the Filter pane on the left, in the Source section, select Tenable.io (if it does not appear as an option, it not yet properly configured in Dome9 - check the configuration steps above).
- The filtered list of alerts will show alerts from Tenable.
- You can expand the alert to show more detail.
Build Dome9 Compliance rules and queries based on Tenable.io findings
You can build Dome9 Compliance rules with conditions based on alerts received from Tenable.io.
For example, the following GSL rule:
Instance should not have externalFindings.findings with [ findingSource='Tenable.io']
Checks for instances in a cloud account for which external findings sourced from Tenable.io exist.