Integrating Tenable IO with AppViewX

Go to Menu > Automation > Workflow > Integration.
The Workflow > Integration page is displayed.
On the Workflow > Integration page, click Add new vendor.

The Select vendor dialog box is displayed.
From the Select category dropdown list, select ASM and click Apply.
From the search results displayed, select Tenable IO.
The Workflow > Integration > Vendor configuration page is displayed.
For the Tenable IO integration, in the Information section, enter the following details:
1. [Mandatory] Enter a Name for the integration.
2. [Optional] Enter an additional Description for the integration.
3. Enter Tags for the integration.
  The tags entered are used to identify the purpose of the integration.
  Important: To enable PQC evaluation for this integration, it is mandatory to add the QTH tag in this field. Without the QTH tag, this integration will not be evaluated for post quantum readiness. In this case, the PQC Evaluation Status of the corresponding discovery instance is set to Not Evaluated.
In the Credentials section:
1. From the Auth Type dropdown list, select Basic Auth.
2. In the URL field, enter the Tenable URL.
3. From the Credential Type dropdown list, select AWS Signature.
4. In the corresponding fields, enter your Access Key and Secret Key.
Edit the JSON for your customized Configurations.
The Configurations editor is prepopulated with a dummy JSON template with placeholder values to let you define your custom configuration parameters and query logic.
In this JSON:
1. To specifically look for entries that have been updated since the last successful job execution, set deltaSync to true (it is set to true by default).
  To capture deletions since the last job execution, set deltaSync to false.
2. In the assetTags array, create individual groups defining a set of tag conditions.
3. Use the <category_name> : <tag_value_n> key-value pair to define the tag conditions.
  Tags inside a single group are OR-matched, while tags across groups are AND-matched.
  Note: Category and tag values must match the Tenable.io definitions. This field is optional and can be omitted to include all assets. Tag-based filtering is recommended to scope discovery to intended hosts.
Click Add.
The integration is added and is displayed on the Workflow > Integration page, identified by the name assigned to the integration.

Dummy JSON Template

The JSON template given below can be used for tag-based filtering implemented for scoping asset discovery, to limit the scan to only relevant assets. The structure supports flexible filtering using AND logic across groups and OR logic within each group.

Template

{
    "deltaSync": true,
    "_assetTags_help": "Each object represents a group of tags. Tags within a group are OR-matched, while multiple groups are AND-matched. Category and tag values must exactly match Tenable.io definitions. This field is optional and can be omitted to include all assets. Tag-based filtering is recommended to scope discovery to intended hosts.",
    "assetTags":
    [
        {
            "category": "<category_name>",
            "tags":
            [
                "<category_name>:<tag_value_1>",
                "<category_name>:<tag_value_2>"
            ],
            "description": "<optional_description_for_group_1>"
        },
        {
            "category": "<another_category_name>",
            "tags":
            [
                "<another_category_name>:<tag_value_1>",
                "<another_category_name>:<tag_value_2>"
            ],
            "description": "<optional_description_for_group_2>"
        }
    ]
}

Sample

{   
    "deltaSync": true,
    "assetTags":
    [
        {
            "category": "CustomIpList",
            "tags":
            [
                "CustomIpList:present"
            ],
            "groupName": "My IPs to Scan"
        },
        {
            "category": "os",
            "tags":
            [
                "os:linux",
                "os:windows"
            ],
            "groupName": "Operating system"
        }
    ]
}