How do I configure a Tenable WAS Integration?
To create an API account with permissions to view asset and vulnerability data in Tenable WAS, you will need to create a dedicated user, assign the appropriate role, and generate API keys.
Creating a Read-Only API Key for Tenable WAS
Tenable Web App Scanning (WAS) is integrated into the broader Tenable Vulnerability Management platform (formerly Tenable.io). Because of this centralized architecture, you will create the user and generate the API keys from the main Tenable Settings menu.
To create an API key with strictly read-only permissions to view web application assets and scan findings, follow these steps:
NOTE: If you have already integrated Tenable.IO into the NopSec Platform, you can simply add Tenable WAS to the existing account and use the same credentials.
Step 1: Create a Dedicated Service Account
- Log in to your Tenable Vulnerability Management console using an Administrator account.
- In the left navigation menu, click Settings.
- Click the Access Control tile, then select the Users tab.
- In the upper-right corner, click the Create User button.
- Fill out the required Name, Username, and Email fields. We recommend using a descriptive naming convention, such as "API_WAS_ReadOnly".
Step 2: Assign the Read-Only Role
Tenable uses a Role-Based Access Control (RBAC) system where the "Role" dictates the actions a user can take, and "Permissions" (or tags) dictate the data they can see.
- In the Create User pane, locate the Role drop-down menu.
- Select the built-in Read-Only role. This built-in role strictly restricts the API account from launching scans, modifying configurations, or altering data, limiting it entirely to viewing and exporting.
Note on Scope: By default, this user might be able to view asset and vulnerability data across both Tenable VM and Tenable WAS. If you need to restrict this API key to only view Web App Scanning data, you must apply Permission Configurations to this user after creation, explicitly scoping their "Can View" access strictly to your WAS asset tags.
- Click Save to finalize creating the user.
Step 3: Generate the API Keys
- Return to the Users list (Settings > Access Control > Users).
- Locate the service account you just created.
- Click on the user's row to open their details pane on the right side of the screen.
- Select the API Keys tab.
- Click Generate. A prompt will warn you that any existing keys will be replaced; confirm the generation.
- The system will display your new Access Key and Secret Key.
Important: Copy the Secret Key immediately and store it securely in a password manager or secrets vault. Tenable will never display the Secret Key again after you close this window.
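To confirm that the new key pair authenticates before entering it in NopSec, the following added example (not part of the original article, and not Tenable's or NopSec's own code) calls Tenable's `GET /session` endpoint with the `X-ApiKeys` header. It assumes the keys have been exported from your secrets vault as `TENABLE_ACCESS_KEY` and `TENABLE_SECRET_KEY` (hypothetical variable names) and that your tenant uses the default `https://cloud.tenable.com` API host.

```shell
#!/bin/sh
# Added example: smoke-test a freshly generated Tenable API key pair
# without writing the Secret Key to disk or exposing it in the process list.
# TENABLE_ACCESS_KEY / TENABLE_SECRET_KEY / TENABLE_API_URL are assumed
# environment variable names, not something Tenable or NopSec defines.

# Build the X-ApiKeys header value; fail if either key is missing.
tenable_auth_header() {
  if [ -z "${TENABLE_ACCESS_KEY:-}" ] || [ -z "${TENABLE_SECRET_KEY:-}" ]; then
    echo "TENABLE_ACCESS_KEY and TENABLE_SECRET_KEY must both be set" >&2
    return 1
  fi
  printf 'X-ApiKeys: accessKey=%s; secretKey=%s' \
    "$TENABLE_ACCESS_KEY" "$TENABLE_SECRET_KEY"
}

# Emit a curl config (for `curl --config -`) so the header travels over
# stdin instead of appearing in curl's command-line arguments.
tenable_curl_config() {
  hdr=$(tenable_auth_header) || return 1
  printf 'header = "%s"\nheader = "Accept: application/json"\n' "$hdr"
}

# Ask the API which account the key belongs to. A non-2xx response
# (for example a mistyped key) makes curl exit non-zero because of --fail.
tenable_session() {
  cfg=$(tenable_curl_config) || return 1
  printf '%s\n' "$cfg" | curl --silent --show-error --fail --config - \
    "${TENABLE_API_URL:-https://cloud.tenable.com}/session"
}
```

Run `tenable_session` after sourcing the file; the JSON it returns should describe the dedicated service account you created in Step 1, not your administrator user.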
Step 4: Enable Tenable.IO in the NopSec Platform
- Navigate to Integrations in the NopSec UI and select the option to add
- Enter Integration Access Info: When prompted, enter the following information and click the "Save and Connect" button:
  - Connection Name: Unique name for this integration
  - Access Token: The Access Key generated in the steps above.
  - Secret Token: The Secret Key generated in the steps above.
  - SAVE and CLOSE