Bumblebee

Tenable Vulnerability Management

Overview

Tenable is a vulnerability-management / exposure-management vendor. Bumblebee connects to the Tenable One cloud platform (cloud.tenable.com), which hosts six products behind a single host and a single credential pair:

  • Vulnerability Management (VM) — scans, assets, findings, bulk exports
  • Web App Scanning (WAS) — web application scan configs, scans, findings
  • MSSP Portal — child-account administration and rollups for MSSP partners
  • Platform & Settings — users, groups, tags, scanners, agents, networks
  • Exposure Management — unified inventory, exposure view, attack paths (requires a Tenable One license)
  • PCI ASV — PCI DSS attestations and scan submissions (add-on license)

Each product is exposed as one generic tool: the agent supplies an HTTP method, an endpoint path, optional query parameters, and an optional JSON body. The catalogues are read-only — reporting is the primary use case, and mutating endpoints are intentionally not catalogued.

Prerequisites & Setup

Before setting up the Tenable integration, you need:

  • A Tenable One / Tenable Vulnerability Management account on cloud.tenable.com
  • A user whose role grants access to the data you want to report on. API keys inherit the generating user's role and container.
  • For MSSP portal endpoints: the keys must belong to a user in the MSSP parent container. Parent keys enumerate and administer child accounts but cannot read child-container scan data.

Generate an API key pair in Tenable

  1. Sign in to cloud.tenable.com
  2. Open My Account → API Keys (or Settings → My Account → API Keys)
  3. Click Generate — note this invalidates the user's previous key pair
  4. Copy both keys immediately — Tenable never shows the secret key again

Vendor documentation:

Configure in Bumblebee

  1. Go to the Integrations page in Bumblebee
  2. Select Tenable Vulnerability Management
  3. Paste your Access Key and Secret Key
  4. Save the configuration

Available Tools

Core (6 tools)

All six tools share the same signature — Required: method (str, e.g. "GET"), path (str). Optional: query_params (object), body (object), response_filter (JMESPath string).

  • tenable_vm_request — Vulnerability Management: workbenches (synchronous vuln/asset queries), scans (read), assets, plugins, and async bulk exports (POST /vulns/export → poll status → download chunks).
  • tenable_was_request — Web App Scanning v2: scan configs, scans, vulnerability findings (POST .../search endpoints with read semantics).
  • tenable_mssp_request — MSSP Portal: child accounts, account groups, domains, license/resource usage — the per-customer rollup axis.
  • tenable_platform_request — Platform & Settings: users, groups, tags, scanners, agents, networks, GET /server/status (connectivity check).
  • tenable_exposure_request — Exposure Management: unified inventory, exposure view, attack paths (POST .../search queries).
  • tenable_pci_request — PCI ASV: attestation listing and status.

Example calls

# Connectivity check
tenable_platform_request("GET", "/server/status")

# Critical vulnerabilities, last 90 days (workbench, synchronous)
tenable_vm_request("GET", "/workbenches/vulnerabilities",
    {"date_range": 90, "filter.0.filter": "severity",
     "filter.0.quality": "eq", "filter.0.value": "Critical"})

# Bulk vulnerability export (async: create → poll → download)
tenable_vm_request("POST", "/vulns/export", None,
    {"num_assets": 50, "filters": {"severity": ["critical", "high"]}})

# High-severity web app findings (POST search = read)
tenable_was_request("POST", "/was/v2/vulnerabilities/search",
    {"limit": 100}, {"field": "severity", "operator": "eq", "value": "high"})

# MSSP child accounts
tenable_mssp_request("GET", "/mssp/accounts")

Things to know

  • Workbenches vs. exports (VM): workbench endpoints are synchronous but capped at 5,000 records with a 35-day default lookback (date_range overrides). Exports are asynchronous and unbounded — use them for bulk pulls.
  • POST-as-read: WAS and Exposure Management list endpoints are POST .../search calls with the filter in the body and paging (limit/offset) in the query string.
  • MSSP container scope: parent-container keys administer child accounts but cannot read child scan/vuln data — that requires keys scoped to the child container.
  • Rate limiting: the API returns 429 with Retry-After; the agent backs off and retries.
  • Key regeneration invalidates the old pair — if keys are regenerated in the Tenable UI, update the credential stored in Bumblebee.
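
The asynchronous export flow described above (create → poll → download), sketched as an added example; it is not Bumblebee's or Tenable's own code. The `request` callable and `make_fake_tenable` helper are hypothetical. The status and chunk paths, the response fields `export_uuid`, `status` and `chunks_available`, and the state names are assumptions about Tenable's export API, since this page names only the three steps.

```python
import time

FAILED_STATES = {"CANCELLED", "ERROR"}  # assumed terminal states with nothing to download


def run_vuln_export(request, filters, num_assets=50, poll_interval=5.0,
                    max_polls=120, sleep=time.sleep):
    """Create an export, poll its status, download each chunk once.

    `request(method, path, query_params, body)` is a hypothetical callable with
    the argument order of tenable_vm_request; it is assumed to return parsed JSON.
    """
    job = request("POST", "/vulns/export", None,
                  {"num_assets": num_assets, "filters": filters})
    base = f"/vulns/export/{job['export_uuid']}"  # response field name assumed
    seen, findings = set(), []
    for _ in range(max_polls):  # bounded: never poll forever
        status = request("GET", f"{base}/status", None, None)
        state = status.get("status")
        if state in FAILED_STATES:
            raise RuntimeError(f"export ended in state {state}")
        # Chunks can appear before the job finishes; fetch each id only once.
        for chunk_id in status.get("chunks_available", []):
            if chunk_id not in seen:
                seen.add(chunk_id)
                findings.extend(request("GET", f"{base}/chunks/{chunk_id}", None, None))
        if state == "FINISHED":
            return findings
        sleep(poll_interval)
    raise TimeoutError(f"export not finished after {max_polls} polls")


def make_fake_tenable(status_sequence, chunks):
    """Constructed offline stand-in: replays statuses and serves chunk payloads."""
    statuses, calls = iter(status_sequence), []

    def request(method, path, query_params=None, body=None):
        calls.append((method, path))
        if (method, path) == ("POST", "/vulns/export"):
            return {"export_uuid": "00000000-0000-0000-0000-000000000000"}
        if path.endswith("/status"):
            return next(statuses)
        return chunks[int(path.rsplit("/", 1)[1])]

    return request, calls
```

Rate-limit handling (429 with Retry-After) is left to the `request` callable, matching the note above that the agent backs off and retries.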