Unified VRM Integrations
      Back to home
      1. Knowledge Base
      2. Unified VRM Integrations

      Quickstart for Tenable.io VM

      This page walks you through setting up readonly Tenable.io VM for your Unified VRM, and ingesting Tenable.io VM data inside Unified VRM.

      Before you begin

      To complete this quickstart, including setting up a Tenable.io VM credential for your Unified VRM, you'll need to have:

      1. Tenable.io VM subscription
      2. Tenable.io Administrator role
      3. Unified VRM Admin privileges

      To sync asset and vulnerability data from Tenable.io into Unified VRM, Tenable.io recommends creating a dedicated account with an administrator role.

      Benefits of Tenable.io administrator role

      Tenable.io administrator role enables use of the export API when integrating external systems. This provides the following benefits:

      • Officially supported by Tenable and follows Tenable.io best practice.
      • Sync Tenable.io assets, tags, target groups and risk recasts. 
      • Faster sync and avoids API rate limits.

      Tenable.io best practice for exporting assets and vulnerabilities

      From page 29 of Tenable.io API Best Practices Guide:


      The Tenable.io export API requires administrator role:

      Supports Tenable.io elastic assets

      Tenable.io's Asset UID is how Tenable.io tracks assets across IPs. Asset UIDs are only available via the export API and not available in scan files.

      While the Asset Workbench API does support the Asset UID, it’s limited to 5,000 assets:

      Faster sync and avoids API rate limits

      From Rate Limiting (Tenable.io API):

      Create a Tenable.io account with administrator role

      Create an account for Unified VRM to download scans from customer’s Tenable.io VM account.

      Step 1: Create a Unified VRM user account in Tenable.io VM

      The following Tenable documentation shows how to create a user account.

      Create a User Account (Tenable.io)

      Unified VRM requires an Administrator role per Tenable.io's API requirements.

      Please use the following values when creating a new user:

      • Username: uvrm@[customer domain]
      • Full Name: UVRM
      • Email: [customer’s email address]
      • Role: Administrator
      • Password: [choose a strong password]

      Provide credentials to NopSec for Unified VRM

      Please provide the Tenable.io admin user account’s username and password to NopSec. Please reach out to your technical account manager to coordinate the secure transfer of the credentials.

      Troubleshooting: No asset groups in Unified VRM

      Tenable.io Target Groups allow you to set which users have permission to see them. If the Tenable.io uvrm has "No access" permission against a target group, Unified VRM will not be able to import it.

      The Tenable.io uvrm account must have either "Can Use" or "Can Scan" permission to import a target group. Alternatively, ensure the Tenable.io uvrm role is administrator.

      More info here: About Target Groups (Tenable.io)