Tenable + D3 Smart SOAR
Automate, Standardize, and Document Vulnerability Management
Tenable Vulnerability Management and Tenable Security Center manage vulnerabilities on premise and in the cloud by consolidating and evaluating vulnerability data from across the enterprise and prioritizing security risks. Integrating Smart SOAR with Tenable connects vulnerability scans to your security operations command center.
Benefits and Capabilities
D3’s integration team takes the burden of integrations off your hands by building, maintaining, and upgrading the best possible connections between tools. We have studied Tenable’s APIs and capabilities closely in order to provide a powerful joint solution that can be seamlessly added to our codeless playbooks. The integration enables SOC teams to:
- Ingest and parse vulnerability scan reports in Smart SOAR.
- Orchestrate response tasks to quickly remediate vulnerabilities.
- Search across past vulnerability scans to inform threat hunting.
- Correlate vulnerabilities with adversary techniques using the MITRE ATT&CK matrix.
Use CAse
Vulnerability Scan Response
Smart SOAR’s integration with Tenable feeds vulnerability scans into automation-powered response workflows. When Tenable runs a scan across endpoints and detects a vulnerability, Smart SOAR reads and parses the scan report and triggers an incident response playbook. Smart SOAR determines the endpoint on which the vulnerability was found and enriches the report with contextual information. The user can notify the necessary teams from Smart SOAR or generate an IT ticket to schedule a patch or update.
- If the organization has existing scripts for patch management, Smart SOAR can trigger those directly.
- Turn vulnerability scans into a repeatable, automated process.
- Automatically generate complete records of vulnerabilities found and how they were remediated.
Use Case
Patch Management and Verification
As described in the previous use-case, Smart SOAR can generate a ticket for the IT team to resolve a vulnerability found on endpoints via a patch or update. When the IT team closes the ticket, a notification is generated. Smart SOAR then schedules a rescan of the affected endpoints via Tenable to verify that the patch has been successfully applied. Smart SOAR then ingests the rescan report so that the security analyst can confirm that the vulnerability has been remediated, and so that the entire process is documented in the SOC.
- Close the gaps between the IT team and security team.
- Create a record of actions taken and verification of resolution.
- Reduce vulnerabilities created by poor processes communication.
Why Smart SOAR?
Joint users of Tenable and D3 Smart SOAR don’t just get automated vulnerability scan response and patch management; they also get the countless other features that make Smart SOAR the leading independent SOAR solution, including:
Expert-built codeless integrations across the stack
Tier 1–3 automation, based on deep research into the capabilities of common tools
The Event Pipeline, which reduces alert volume by up to 98%
Cross-dimension correlation, which acts across tools, timeframes, TTPs, and artifacts
Tenable Integration: Summary
Ingest vulnerability scan reports
Integrations Done the Right Way
An unlimited number of pre-built integrations, expertly maintained by the largest technical team in security automation. Thoroughly researched, tested and built—and delivered for free. Always.