# Tenable VM Integration

### Introduction <a href="#introduction" id="introduction"></a>

The following guide will help you to integrate Tenable VM with Sprinto.

Tenable Vulnerability Management (VM) is a comprehensive solution designed to identify, assess, and manage vulnerabilities across an organization’s IT infrastructure.

#### How does this integration help Sprinto <a href="#how-does-this-integration-help-sprinto" id="how-does-this-integration-help-sprinto"></a>

This integration assists Sprinto in retrieving detected vulnerabilities from your Tenable VM account. According to data security compliance standards, all identified vulnerabilities must be resolved within the defined Service Level Agreement (SLA). Once a vulnerability is resolved and its status updated in Tenable VM, Sprinto detects the changes and updates the Sprinto check status to 'passing' for the resolved vulnerability.

#### Sprinto checks for Tenable VM <a href="#sprinto-checks-for-tenable-vm" id="sprinto-checks-for-tenable-vm"></a>

Below are the Sprinto checks available for Tenable VM:

<table><thead><tr><th width="212.32421875">Sprinto check</th><th>Required action</th></tr></thead><tbody><tr><td>Tenable vulnerability alerts should be resolved within SLA</td><td>A current vulnerability in the “Open” status was detected on your integrated Tenable VM account. Resolve the vulnerability from the source and close the vulnerability from your Halo Security account.</td></tr></tbody></table>

### Before you begin <a href="#before-you-begin" id="before-you-begin"></a>

* Log in to the Sprinto admin portal using your credentials.

***

### Required Permissions for Tenable VM Integration

To successfully connect Tenable VM with Sprinto, ensure the user configuring the integration has the following minimum role and permissions.

#### Minimum user role required

* **Basic \[16]** user role\
  (Lowest permission level in Tenable)

#### Specific permissions required

With the Basic Role \[16], a user must have the following specific permissions.

* **Can View \[16]** - Scan permissions\
  (Required for connection validation)
* **Can View \[64]** - Asset permissions\
  (Required to fetch asset data)
* **Can View (Access Control)** - For the asset objects being exported
  * Recommended scope: **All Assets**

#### Alternative Option - Custom Role

If users prefer not to assign the Basic role, they can create a **Custom Role** with the following permissions enabled:

**Platform / Vulnerability Management**

* **Assets → Read**
* **Findings → Read**
* **My Account → Read**
* **Access Control → Read**
* **Access Control Users → Read**
* **Export → Manage All**
* **General Settings → Read**

**Scan**

* **Nessus/Agent Scan → Read**

**Sensors**

* **Agent → Read**
* **Scanner → Read**

**Web App Scanning**

* **Web Application Scan → Read**

No Manage permissions are required except:

* **Export → Manage All**

### Procedure <a href="#procedure" id="procedure"></a>

### Step 1: Generate API Keys in Tenable

1. Log in to your Tenable VM account.
2. Generate your **API Key** and **Secret Key** from Tenable.
3. Securely copy both keys — you will need them while configuring the integration in Sprinto.

Refer to Tenable’s official [documentation](https://docs.tenable.com/security-center/Content/manage-api-keys.htm#Generate?Highlight=API%20key) for instructions on generating API credentials.

***

### Step 2: Connect Tenable VM in Sprinto

1. Log in to the Sprinto dashboard.
2. Navigate to **Settings → Integrations**.
3. In the **All** tab, search for **Tenable VM**.
4. Click **Connect** next to Tenable VM.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FVykYr2BNIX80RKewxwFD%2FScreenshot%202026-02-17%20at%2012.45.17.png?alt=media&#x26;token=3342a65e-4d84-402b-a720-ee1bb0b37e2a" alt="" width="563"><figcaption></figcaption></figure>

5. Review the permissions and data usage information shown in the drawer.
6. Click **Next**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FhpYpifF5KFJ2ZCwnKVB9%2FScreenshot%202026-02-17%20at%2012.52.46.png?alt=media&#x26;token=eb79b77c-517d-4965-a998-e495d35c3f48" alt="" width="375"><figcaption></figcaption></figure>

7. Enter the **API Key** and **Secret Key** generated in Step 1.
8. Click **Connect**.

<figure><img src="https://3220032727-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FEsyn5VMU6e0OyGjRtKgx%2Fuploads%2FKMHyu68rHfRbGOpfwzo0%2FScreenshot%202026-02-17%20at%2012.54.24.png?alt=media&#x26;token=605f94c1-f427-427d-8eb2-db142e25c20a" alt="" width="375"><figcaption></figcaption></figure>

The integration will now be established.

***

## Post-connection Flow

Once the Tenable VM integration is successfully connected, you will remain on:

**Settings → Integrations → Tenable VM**

The integration status will change to **Connected**.

From this screen, you can:

* View the list of automated controls and checks.
* Confirm the permissions granted to Sprinto.
* Monitor integration status (Active / Error).
* Reconnect or update credentials if required.
* Disconnect the integration if needed.

***

### What happens after connection

* Once you. choose the assets for which they want to fetch vulnerabilities, Sprinto begins syncing asset and vulnerability data from Tenable VM automatically.
* The initial sync may take several minutes depending on your asset volume.
* Control and check statuses update after the first successful data sync.
* Any sync errors will be reflected in the integration status panel.

No additional configuration under Vulnerabilities is required.

***

### Troubleshooting

#### Integration fails to connect

* Ensure the API and Secret keys are copied correctly.
* Verify that the Tenable user has:
  * Basic \[16] role
  * Scan, Asset, and Vulnerability view permissions
  * Access Control permission for exported assets

#### Vulnerabilities are not syncing

* Wait 15–20 minutes after integration.
* Confirm that:
  * Assets fall under the permitted scope (recommended: All Assets).
  * Vulnerabilities are in Open status in Tenable.

#### Sprinto checks remain failing after resolution

* Ensure the vulnerability status is updated to Closed in Tenable.
* Allow time for Sprinto to re-evaluate the check.

***

### Support <a href="#support" id="support"></a>

Get in touch with our [support team](mailto:www.support@sprinto.com) if you have any queries related to Tenable VM integration or need any assistance.