Over the years, I’ve had the opportunity to work with both Rapid7’s InsightVM and Tenable’s Tenable.SC. At the core of these products is their vulnerability scanners, Nexpose and Nessus respectively. I wanted to compare these two vulnerability management products and document some of the pros and cons of each one.
While both products scan your network and report on vulnerabilities, they report them in different ways. Ideologically, InsightVM is more vulnerability focused while Tenable.SC is more remediation focused.
Tenable.SC has a basic ticketing system built into their product. But, by default, there’s no way to notify someone that a ticket has been assigned to them. To notify someone that a ticket has been assigned to them, an alert needs to be generated that is based on a query.
The first step is to configure a query. Within Tenable.SC, navigate to Analysis → Queries and Add a query. In the Query Builder section, select “Ticket” for Type and “Ticket List” for Tool.
I recently needed to pull all of the asset groups associated with a list of IPs from Tenable.SC. It’s easy enough to filter assets in Tenable.SC by Asset Group and get all of the assets in a group. And the full list of Asset Groups can be viewed in the Web UI by looking at the information for a single asset. But there was no report or query within the Web UI that would list all Asset Groups for list of IPs/assets.
Enter the Tenable.SC API. Within the API, there is a method called “assetintersections” that will list all Asset Groups associated with a given IP.
With a little scripting in your favorite language, a list of IPs and their associated Asset Groups can be created.