Tenable.SC monitoring and Solarwinds Group to Asset List integration

If you have a Tenable.SC, with an attached fleet of Nessus Scanners and Managers, you can ask the API on the SC to give you a complete rundown on the health of Tenable. If you assign applications to Solarwinds groups, you may wish to see those groups presented within Nessus, so you can easily produce a report on the security vulnerabilities of those applications. The attached file does both.

It is a PowerShell monitor designed to be run from the Orion Poller, against the SC node.

Tenable.SC Monitor

pastedImage_9.jpg

As you can see, basic status info is returned - are things running, licenced etc.  For Managers and Scanners you get the status, system loads, activities and zones assigned.

If there are scanners or managers down, zones with no scanners, or no licences left, the monitor will show Warning. If the Job daemon is down, it will show Critical.

Note: as of right now the API access required to monitor SC is the built-in back-end Administrator account only.  This has been lodged as an issue to address with the vendor.

Integration - Solarwinds Groups to Tenable Asset Lists

pastedImage_1.png

This is designed to run every 12 hours by default. You need to configure an account in Solarwinds with read access to Groups, and the same account in Tenable with rights to create/update Asset Lists.

If the connection to Solarwinds or Tenable fails, Connection Failure will return 1 and the message will tell you what system(s) failed and the error messages.

If there is an API error updating/creating/deleting Asset Lists, the number of errors and the error messages will appear by Asset [Action] Errors and the monitor will go to Warning level. For example:

pastedImage_4.png

Assets to Create/Delete/Update are the number of Assets being changed by the most recent run.
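
The create/update/delete counts above come from comparing group membership with the existing Asset Lists. The following is an added example, not the code in the attached monitor, showing one way to compute that plan so that only lists the sync owns are ever deleted. The `SW-` name prefix, the `Get-AssetSyncPlan` function, the statistic names and the sample data are all assumptions made for illustration.

```powershell
# Constructed sample data: SolarWinds groups (name -> member IPs) and the
# static Asset Lists currently defined in Tenable.SC (name -> IPs).
$swGroups = @{
    'Payroll'  = @('10.1.1.10', '10.1.1.11')
    'Intranet' = @('10.2.0.5')
    'CRM'      = @('10.3.0.7', '10.3.0.8')
}
$scAssets = @{
    'SW-Payroll' = @('10.1.1.10')             # stale membership -> update
    'SW-CRM'     = @('10.3.0.8', '10.3.0.7')  # same members, other order -> no change
    'SW-Retired' = @('10.9.9.9')              # group no longer exists -> delete
    'PCI Scope'  = @('10.1.1.0/24')           # not owned by the sync -> untouched
}

function Get-AssetSyncPlan {
    param(
        [hashtable]$Groups,
        [hashtable]$AssetLists,
        [string]$Prefix = 'SW-'   # hypothetical ownership marker for synced lists
    )
    $plan = [ordered]@{ Create = @(); Update = @(); Delete = @() }
    foreach ($name in ($Groups.Keys | Sort-Object)) {
        $target = "$Prefix$name"
        # Compare membership as a sorted, de-duplicated set so order never triggers an update.
        $want = ($Groups[$name] | Sort-Object -Unique) -join ','
        if (-not $AssetLists.ContainsKey($target)) {
            $plan.Create += $target
        } elseif ((($AssetLists[$target] | Sort-Object -Unique) -join ',') -ne $want) {
            $plan.Update += $target
        }
    }
    # Only lists carrying the prefix are delete candidates; anything else was
    # created by a person or another tool and is left alone.
    foreach ($name in ($AssetLists.Keys | Sort-Object)) {
        if ($name.StartsWith($Prefix) -and -not $Groups.ContainsKey($name.Substring($Prefix.Length))) {
            $plan.Delete += $name
        }
    }
    [pscustomobject]$plan
}

$plan = Get-AssetSyncPlan -Groups $swGroups -AssetLists $scAssets
foreach ($action in 'Create', 'Update', 'Delete') {
    # Statistic/Message pairs in the format an Orion SAM script monitor reads.
    "Statistic.AssetsTo$($action): $(@($plan.$action).Count)"
    "Message.AssetsTo$($action): $(@($plan.$action) -join ', ')"
}
```

With the sample data this plans one create (`SW-Intranet`), one update (`SW-Payroll`) and one delete (`SW-Retired`), and leaves `PCI Scope` alone.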