How do I configure a Tenable Security Center Integration?

Integration Prerequisites

Tenable Security Center requires the deployment of Nopsec’s containerized virtual appliance to securely forward asset and vulnerability data to the Nopsec Platform.

Click on the following link to view instructions on deploying the Nopsec Virtual Applaince:

• https://support.nopsec.com/knowledge/how-do-i-install-and-deploy-the-nopsec-containerized-virtual-appliance

Creating a View-Only Role in Tenable Security Center

In Tenable Security Center, it is important to understand that access is a two-part system:

• Roles determine what actions a user can take (e.g., launching scans, accepting risks, modifying policies).
• Groups determine what data a user can see (e.g., which IP addresses, assets, and vulnerability repositories they have access to).

To give a user strictly "can view" permissions for assets and vulnerabilities, you will create a custom role with no administrative actions enabled, and then assign that user to a Group that has access to the targeted data.

Step 1: Create the Custom Role

• Log in to Tenable Security Center using an account with role-management privileges (such as a Security Manager).
• In the top navigation menu, click Users, then select Roles.
• At the top of the page, click the Add button.
• In the Name field, enter a descriptive name (e.g., Read-Only Asset and Vuln Viewer).
• (Optional) Add a brief description explaining the purpose of the role.

Step 2: Configure Role Permissions

By default, newly created custom roles start with a baseline of read-only access. To maintain this strict view-only limitation, you will intentionally leave the action-oriented permissions disabled.

• Scroll through the permission categories (Scanning Permissions, Asset Permissions, Analysis Permissions, etc.).
• Ensure that action-based permissions—such as Create Scans, Create Policies, Accept Risks, Recast Risks, and Manage Groups—remain disabled (unchecked or toggled off, depending on your version).
• (Optional) If this read-only user needs to export data or view specific dashboards, scroll to the Reporting Permissions section and enable Generate Reports.
• Click Submit to save the new custom role.

Note: Tenable Security Center also includes built-in system roles like Auditor and Executive. These system roles are pre-configured with strictly read-only permissions and can be used immediately if you prefer not to build a custom role from scratch.

Step 3: Grant Data Access via Groups

Now that the role is created to restrict actions, you must use a Group to grant visibility into the data.

• Navigate to Users > Users.
• Click Add to create a new user, or right-click an existing user and select Edit.
• In the user configuration pane, locate the Role drop-down menu and select your newly created custom role (e.g., Read-Only Asset and Vuln Viewer).
• Locate the Group drop-down menu. Select the specific Group that is configured with access to the Repositories and IP ranges you want this user to view.
  Important: If the user needs to view all assets and vulnerabilities across the organization, ensure you select a Group that has been granted access to "Full Safe" or all Repositories.
• Fill out the remaining required user details and click Submit.

Step 3: Enable Tenable.sc in the Nopsec Platform

1. Navigate to Integrations in the NopSec UI and select the option to add the Tenablek Security Center integration.

2. Enter Integration Access Info: When prompted enter the following information and click the "Save and Connect" button:

   • Connection Name: Unique name for this integration
     • Click on the Enable On-Prem button
   • URL: The URL used to access the tenable security center console
   • Username:  The username generated in the steps above.
   • Password: The password generated in the steps above
   • Click Save and Connect