{ "name": "tenable_sc", "title": "Tenable Security Center", "version": "2.2.1", "release": "ga", "description": "Collect data from Tenable Security Center with Elastic Agent.\n", "type": "integration", "download": "/epr/tenable_sc/tenable_sc-2.2.1.zip", "path": "/package/tenable_sc/2.2.1", "icons": [ { "src": "/img/tenable_sc-logo.svg", "path": "/package/tenable_sc/2.2.1/img/tenable_sc-logo.svg", "title": "Tenable Security Center logo", "size": "32x32", "type": "image/svg+xml" } ], "conditions": { "kibana": { "version": "^8.19.4 || ~9.0.7 || ^9.1.4" } }, "owner": { "type": "elastic", "github": "elastic/security-service-integrations" }, "categories": [ "security", "vulnerability_management" ], "signature_path": "/epr/tenable_sc/tenable_sc-2.2.1.zip.sig", "format_version": "3.3.2", "readme": "/package/tenable_sc/2.2.1/docs/README.md", "license": "basic", "screenshots": [ { "src": "/img/tenable_sc-screenshot.png", "path": "/package/tenable_sc/2.2.1/img/tenable_sc-screenshot.png", "title": "Tenable Security Center vulnerability dashboard screenshot", "size": "600x600", "type": "image/png" } ], "assets": [ "/package/tenable_sc/2.2.1/LICENSE.txt", "/package/tenable_sc/2.2.1/changelog.yml", "/package/tenable_sc/2.2.1/manifest.yml", "/package/tenable_sc/2.2.1/validation.yml", "/package/tenable_sc/2.2.1/docs/README.md", "/package/tenable_sc/2.2.1/img/tenable_sc-logo.svg", "/package/tenable_sc/2.2.1/img/tenable_sc-screenshot.png", "/package/tenable_sc/2.2.1/kibana/tags.yml", "/package/tenable_sc/2.2.1/data_stream/asset/manifest.yml", "/package/tenable_sc/2.2.1/data_stream/asset/sample_event.json", "/package/tenable_sc/2.2.1/data_stream/plugin/manifest.yml", "/package/tenable_sc/2.2.1/data_stream/plugin/sample_event.json", "/package/tenable_sc/2.2.1/data_stream/vulnerability/manifest.yml", "/package/tenable_sc/2.2.1/data_stream/vulnerability/sample_event.json", "/package/tenable_sc/2.2.1/kibana/dashboard/tenable_sc-38c74c00-3814-11ed-bfe4-89ace1bfa1be.json", "/package/tenable_sc/2.2.1/kibana/dashboard/tenable_sc-3b851800-380a-11ed-bfe4-89ace1bfa1be.json", "/package/tenable_sc/2.2.1/kibana/dashboard/tenable_sc-b61f3090-3806-11ed-bfe4-89ace1bfa1be.json", "/package/tenable_sc/2.2.1/kibana/search/tenable_sc-e23be000-8970-11ec-a56b-9fd8deec1ba2.json", "/package/tenable_sc/2.2.1/data_stream/asset/fields/agent.yml", "/package/tenable_sc/2.2.1/data_stream/asset/fields/base-fields.yml", "/package/tenable_sc/2.2.1/data_stream/asset/fields/fields.yml", "/package/tenable_sc/2.2.1/data_stream/plugin/fields/agent.yml", "/package/tenable_sc/2.2.1/data_stream/plugin/fields/base-fields.yml", "/package/tenable_sc/2.2.1/data_stream/plugin/fields/fields.yml", "/package/tenable_sc/2.2.1/data_stream/vulnerability/fields/agent.yml", "/package/tenable_sc/2.2.1/data_stream/vulnerability/fields/base-fields.yml", "/package/tenable_sc/2.2.1/data_stream/vulnerability/fields/fields.yml", "/package/tenable_sc/2.2.1/data_stream/asset/agent/stream/httpjson.yml.hbs", "/package/tenable_sc/2.2.1/data_stream/asset/elasticsearch/ingest_pipeline/default.yml", "/package/tenable_sc/2.2.1/data_stream/plugin/agent/stream/httpjson.yml.hbs", "/package/tenable_sc/2.2.1/data_stream/plugin/elasticsearch/ingest_pipeline/default.yml", "/package/tenable_sc/2.2.1/data_stream/vulnerability/agent/stream/httpjson.yml.hbs", "/package/tenable_sc/2.2.1/data_stream/vulnerability/elasticsearch/ingest_pipeline/default.yml" ], "policy_templates": [ { "name": "tenable_sc", "title": "Tenable Security Center data", "description": "Collect Tenable Security Center data.", "inputs": [ { "type": "httpjson", "vars": [ { "name": "url", "type": "text", "title": "URL", "description": "URL for the Tenable Security Center API (Add https:// before the url).", "multi": false, "required": true, "show_user": true, "default": "https://sc.tenalab.online" }, { "name": "enable_request_tracer", "type": "bool", "title": "Enable request tracing", "description": "The request tracer logs requests and responses to the agent's local file-system for debugging configurations. Enabling this request tracing compromises security and should only be used for debugging. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-httpjson.html#_request_tracer_filename) for details.", "multi": false, "required": false, "show_user": false }, { "name": "proxy_url", "type": "text", "title": "Proxy URL", "description": "URL to proxy connections in the form of http\\[s\\]://:@:. Please ensure your username and password are in URL encoded format.", "multi": false, "required": false, "show_user": false }, { "name": "access_key", "type": "password", "title": "Access Key", "description": "Access key for the Tenable Security Center API.", "multi": false, "required": true, "show_user": false }, { "name": "secret_key", "type": "password", "title": "Secret Key", "description": "Secret key for the Tenable Security Center API.", "multi": false, "required": true, "show_user": false }, { "name": "batch_size", "type": "integer", "title": "Batch Size", "description": "Batch size for the response of the Tenable Security Center API.", "multi": false, "required": true, "show_user": false, "default": 1000 }, { "name": "interval", "type": "text", "title": "Interval", "description": "Duration between requests to the Tenable Security Center API. NOTE: Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "4h" }, { "name": "initial_interval", "type": "text", "title": "Initial Interval", "description": "How far back to pull the initial log from the Tenable Security Center API. NOTE: Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": true, "default": "24h" }, { "name": "additional_look_back", "type": "text", "title": "Additional Look-back Time", "description": "Additional time to look back for late-arriving data. This creates an overlap window to ensure no data is missed. NOTE: Supported units for this parameter are h/m/s.", "multi": false, "required": true, "show_user": false, "default": "0s" }, { "name": "http_client_timeout", "type": "text", "title": "HTTP Client Timeout", "description": "Duration before declaring that the HTTP client connection has timed out. Valid time units are ns, us, ms, s, m, h.", "multi": false, "required": false, "show_user": true, "default": "60s" }, { "name": "ssl", "type": "yaml", "title": "SSL Configuration", "description": "SSL configuration options. See [documentation](https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#ssl-common-config) for details.", "multi": false, "required": false, "show_user": false, "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" } ], "title": "Collect Tenable Security Center data via API", "description": "Collect Tenable Security Center Vulnerability, Asset, and Plugin data." } ], "multiple": true, "deployment_modes": { "default": { "enabled": true }, "agentless": { "enabled": true } } } ], "data_streams": [ { "type": "logs", "dataset": "tenable_sc.asset", "title": "Tenable Security Center asset data", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "tenable_sc-asset" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "httpjson.yml.hbs", "title": "Tenable Security Center asset data", "description": "Collect Tenable Security Center asset data.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_sc", "path": "asset" }, { "type": "logs", "dataset": "tenable_sc.plugin", "title": "Tenable Security Center plugin data", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "tenable_sc-plugin" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "httpjson.yml.hbs", "title": "Tenable Security Center plugin data", "description": "Collect Tenable Security Center plugin data.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_sc", "path": "plugin" }, { "type": "logs", "dataset": "tenable_sc.vulnerability", "title": "Tenable Security Center vulnerability data", "release": "ga", "ingest_pipeline": "default", "streams": [ { "input": "httpjson", "vars": [ { "name": "accept_risk_status", "type": "select", "title": "Accept Risk Status", "description": "Whether to include \"all\" vulnerabilities, only vulnerabilities that have been \"accepted\" as a risk, or vulnerabilities that are \"not accepted\" as a risk.", "multi": false, "required": false, "show_user": true, "default": "notAccepted" }, { "name": "tags", "type": "text", "title": "Tags", "multi": true, "required": true, "show_user": false, "default": [ "forwarded", "tenable_sc-vulnerability" ] }, { "name": "preserve_original_event", "type": "bool", "title": "Preserve original event", "description": "Preserves a raw copy of the original event, added to the field `event.original`.", "multi": false, "required": true, "show_user": true, "default": false }, { "name": "processors", "type": "yaml", "title": "Processors", "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the data is parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.", "multi": false, "required": false, "show_user": false } ], "template_path": "httpjson.yml.hbs", "title": "Tenable Security Center vulnerability data", "description": "Collect Tenable Security Center vulnerability data.", "enabled": true, "ingestion_method": "API" } ], "package": "tenable_sc", "path": "vulnerability" } ] }