Tenable VM Integration

Introduction

The following guide will help you to integrate Tenable VM with Sprinto.

Tenable Vulnerability Management (VM) is a comprehensive solution designed to identify, assess, and manage vulnerabilities across an organization’s IT infrastructure.

How does this integration help Sprinto

This integration assists Sprinto in retrieving detected vulnerabilities from your Tenable VM account. According to data security compliance standards, all identified vulnerabilities must be resolved within the defined Service Level Agreement (SLA). Once a vulnerability is resolved and its status updated in Tenable VM, Sprinto detects the changes and updates the Sprinto check status to 'passing' for the resolved vulnerability.

Sprinto checks for Tenable VM

Below are the Sprinto checks available for Tenable VM:

Sprinto check

Required action

Tenable vulnerability alerts should be resolved within SLA

A current vulnerability in the “Open” status was detected on your integrated Tenable VM account. Resolve the vulnerability from the source and close the vulnerability from your Halo Security account.

Before you begin

Required Permissions for Tenable VM Integration

To successfully connect Tenable VM with Sprinto, ensure the user configuring the integration has the following minimum role and permissions.

Minimum user role required

Basic [16] user role (Lowest permission level in Tenable)

Specific permissions required

With the Basic Role [16], a user must have the following specific permissions.

Can View [16] - Scan permissions (Required for connection validation)
Can View [64] - Asset permissions (Required to fetch asset data)
Can View [64] - Vulnerability permissions (Required to fetch vulnerability data)
Can View (Access Control) - For the asset objects being exported
- Recommended scope: All Assets

Alternative Option - Custom Role

If users prefer not to assign the Basic role, they can create a Custom Role with the following permissions enabled:

Platform / Vulnerability Management

Assets → Read
Findings → Read
My Account → Read
Access Control → Read
Access Control Users → Read
Export → Manage All
General Settings → Read

Scan

Nessus/Agent Scan → Read

Sensors

Agent → Read
Scanner → Read

Web App Scanning

Web Application Scan → Read

No Manage permissions are required except:

Export → Manage All

Procedure

Step 1: Generate API Keys in Tenable

Log in to your Tenable VM account.
Generate your API Key and Secret Key from Tenable.
Securely copy both keys — you will need them while configuring the integration in Sprinto.

Refer to Tenable’s official documentation for instructions on generating API credentials.

Step 2: Connect Tenable VM in Sprinto

Log in to the Sprinto dashboard.
Navigate to Settings → Integrations.
In the All tab, search for Tenable VM.
Click Connect next to Tenable VM.

Review the permissions and data usage information shown in the drawer.
Click Next.

Enter the API Key and Secret Key generated in Step 1.
Click Connect.

The integration will now be established.

Post-connection Flow

Once the Tenable VM integration is successfully connected, you will remain on:

Settings → Integrations → Tenable VM

The integration status will change to Connected.

From this screen, you can:

View the list of automated controls and checks.
Confirm the permissions granted to Sprinto.
Monitor integration status (Active / Error).
Reconnect or update credentials if required.
Disconnect the integration if needed.

What happens after connection

Once you. choose the assets for which they want to fetch vulnerabilities, Sprinto begins syncing asset and vulnerability data from Tenable VM automatically.
The initial sync may take several minutes depending on your asset volume.
Control and check statuses update after the first successful data sync.
Any sync errors will be reflected in the integration status panel.

No additional configuration under Vulnerabilities is required.

Troubleshooting

Integration fails to connect

Ensure the API and Secret keys are copied correctly.
Verify that the Tenable user has:
- Basic [16] role
- Scan, Asset, and Vulnerability view permissions
- Access Control permission for exported assets

Vulnerabilities are not syncing

Wait 15–20 minutes after integration.
Confirm that:
- Assets fall under the permitted scope (recommended: All Assets).
- Vulnerabilities are in Open status in Tenable.

Sprinto checks remain failing after resolution

Ensure the vulnerability status is updated to Closed in Tenable.
Allow time for Sprinto to re-evaluate the check.

Support

Get in touch with our support team if you have any queries related to Tenable VM integration or need any assistance.

PreviousSolarWinds Service Desk Integration NextZelt Integration

Last updated 3 days ago

hashtagIntroduction

hashtagHow does this integration help Sprinto

hashtagSprinto checks for Tenable VM

hashtagBefore you begin

hashtagRequired Permissions for Tenable VM Integration

hashtagMinimum user role required

hashtagSpecific permissions required

hashtagAlternative Option - Custom Role

hashtagProcedure

hashtagStep 1: Generate API Keys in Tenable

hashtagStep 2: Connect Tenable VM in Sprinto

hashtagPost-connection Flow

hashtagWhat happens after connection

hashtagTroubleshooting

hashtagIntegration fails to connect

hashtagVulnerabilities are not syncing

hashtagSprinto checks remain failing after resolution

hashtagSupport