BETA: This connector relies on Tenable APIs currently marked as beta. These APIs may change without notice, which could cause the connector to stop working.
Elisity supports API connectivity to TenableOne as a method to enrich IT, OT, IoT, and cloud device discovery and identity. This enables asset inventory data from TenableOne to be imported into IdentityGraph for assets that appear on your Elisity-secured network, enhancing the precision and effectiveness of asset classification and Policy Group definition at scale.
The TenableOne connector imports device inventory, operating system details, system classification, and exposure scoring, and correlates this data to existing IdentityGraph identities using each asset's MAC addresses. The enriched attributes are displayed on the Device Details page and can be used as match criteria when defining Policy Groups.
Prerequisites
- TenableOne API Access Key
- TenableOne API Secret Key
- Network reachability from Cloud Control Center to the Tenable cloud API (default
https://cloud.tenable.com)
Generate the Access Key and Secret Key in TenableOne under Settings > API Keys. The two keys are issued as a pair and are required to authenticate the connector.
Steps to Connect TenableOne
Step 1. Log into Elisity Cloud Control Center and navigate to IdentityGraph > Connectors, then select + Add Connector. A panel slides out from the right side of the screen. In the search box, enter TenableOne to locate the connector, then select Configure on the TenableOne tile.
Step 2. On the Add TenableOne Endpoint screen, complete the fields on the Required Configuration tab, then select Submit.
| Field | Description |
|---|---|
| Endpoint Name | A descriptive name that identifies this TenableOne endpoint within Cloud Control Center. |
| Base URL | The Tenable cloud API endpoint. Defaults to https://cloud.tenable.com. Adjust this value only if your organization uses a dedicated Tenable cloud deployment. |
| Access Key | The TenableOne API Access Key generated in TenableOne under Settings > API Keys. Use the visibility toggle to confirm the value was entered correctly. |
| Secret Key | The TenableOne API Secret Key paired with the Access Key. Keep this value private, as it grants access to the Tenable API. |
| Description | An optional description of the endpoint's purpose. |
Step 3 (optional). To adjust how Cloud Control Center queries the connector, select the Advanced Settings tab and configure the options described below.
| Setting | Description |
|---|---|
| IP Only Based Lookup | Enables fallback behavior to query by IP address when a query by MAC address does not return a result. Disabled by default. |
| Query Exclusion Rules | Prevent the platform from querying the connector for specific devices. Enable Subnet to exclude one or more subnets, and enable Virtual Edge Node to exclude devices behind selected Virtual Edge Nodes. Each rule is disabled by default. |
| Random MAC | Controls whether the platform queries the connector for devices with randomized MAC addresses. Enabled by default. |
Step 4. If all of the required connector values are correct, all checks will pass and the connector will be created. After successful configuration, you should begin to see devices enriched by TenableOne in IdentityGraph.
Connector Status
The connector status reflects its health and availability based on recent query performance. To ensure accuracy and reduce false positives, the status is determined using a rolling 15-minute evaluation window.
Connector Status Levels:
- Active: Normal operation with minimal query failures.
- Degraded: Increased query failures detected, but the connector is still operational.
- Inactive: The connector is unresponsive due to persistent failures.
Failures are defined as unsuccessful query responses, and the platform continuously monitors performance to update the status accordingly. These status changes are visible in the UI, event logs, and notifications pane for better troubleshooting. Email alerts can also be configured for connector status changes. If the connector has not been queried within the evaluation window, the last known status is retained.
Leveraging TenableOne with Elisity
When Elisity discovers an asset on the network and the TenableOne connector is active, Cloud Control Center correlates the asset to its TenableOne inventory record using the asset's MAC addresses. The enriched data is displayed in the IdentityGraph tab of the Device Details page and can be leveraged in Policy Group definition.
The following attributes are imported from TenableOne and displayed on the Device Details page:
| Attribute | Description | Usable as Match Criteria |
|---|---|---|
| Hostname | The asset hostname reported by TenableOne. Mapped to a Core Effective Attribute in IdentityGraph. | Yes |
| Operating System | The operating system reported by TenableOne. Mapped to a Core Effective Attribute in IdentityGraph. | Yes |
| Type | The system classification reported by TenableOne. Mapped to a Core Effective Attribute in IdentityGraph. | Yes |
| Exposure Score | The TenableOne exposure score for the asset. | Yes |
| Device Name | The device name reported by TenableOne. | Yes |
| TenableOne ID | The unique asset identifier assigned by TenableOne. | Yes |
| First Seen | The date and time the asset was first observed by TenableOne. | No (display only) |
| Last Seen | The date and time the asset was most recently observed by TenableOne. | No (display only) |
If a device discovered by Elisity is also known in TenableOne, the Known in TenableOne indicator is set on the device record. You can leverage this indicator, along with the enriched attributes above, as match criteria when defining Policy Groups.
To learn more about using imported device attributes when defining Policy Groups, review the Leveraging Trust Attributes for Policy Group Definition article.