PlexTrac + Tenable: See the integration in action

Well, I know your team was hard at work for quite some time, working closely with the Tenable team on officially joining their technology partner program. So maybe chat a little bit about what that entailed, what that process looked like, and really what that means for our joint customers.

Yeah, absolutely. So I mean, first of all, I just kind of want to share, from the onset, as we, you know, took on the integration, we chose to be intentional about choosing to join the partner program. So that meant from the onset we were looking at what the requirements were in terms of our approach to the integration, the software development, so that we could be approved at the end. And what that looks like is, you know, understanding how they want the APIs to be used.

And that’s both for us to be a good partner to them in terms of like how the data is coming into our system and back and forth and that type of thing. But also for the benefit of their customers that they can also feel confident that our joint customers are having a really great experience. So at the end of that process of creating the integration, both for Tenable SE and Tenable Vulnerability Management, we met with our team, our engineers, took them through kind of the back end of code and how we were actually pulling that data for their approval to just check all of those boxes. And now that we are approved and had that great conversation with them, we’re listed amongst their partners, both in the space of pentest reporting — actually the first in that category — but also in the category of exposure management. And we’re thrilled for that joint branding moment there.

Yeah, definitely. And that also gives customers the confidence that we’re always going to have the most updated fields, updated changes, all of that stuff funneling directly to us from Tenable to ensure our integration is up to date.

Yep, absolutely. All right, so I know there’s a couple exciting updates with the advancements that we’ve brought to these integrations, the first being the client-level integrations now being available. So both Tenable VM, Tenable SE now have the ability to integrate licenses at the client level as well as multiple mappings at the client level. I mean, if you’re a service provider, this is a huge benefit, because if you’re working with Tenable customers or prospects that you’re trying to sign on to your services, this offers you the ability to help them maximize their own Tenable investments. Aggregate that data with other scans, pentests, and offensive engagements that they’re running.

So maybe chat a little bit about what that client-level experience looks like and why that matters.

Yeah, I think that the importance of that client need that you’re speaking to Elyse is going to be a huge part of our strategy going forward. We’re thrilled that this is a part of our Tenable offering and it’ll definitely be a part of our integrations and future additions to platform overall. But what you can expect with our Tenable integration with regard to being client-based is an option at the connection level. So as you make a connection in your PlexTrac platform to Tenable, you can choose to make that connection either tenancy-wide, which means everyone in your PlexTrac instance can access that data flowing through, or you can specify a client. And when you do choose to make a Tenable connection in PlexTrac client base, that means that it’s going to honor our client authorization. And that means, you know, the user who is accessing that client’s report, working in their report is authorized to access their information. See that data, see those vulnerabilities or findings that are coming up for the client, and that includes the data coming in from Tenable. So it just gives you that level of security.

If your organization needs to work in that manner and also make your clients feel secure, that option can work for you. But alternatively, you know, on the tenancy-wide side, we are supporting multiple connections, even if you want everyone in PlexTrac to have access. And that can be great for teams who have expanded over time through acquisition or just have uniquenesses in terms of how they are working. And maybe different teams have different instances of Tenable, we can support that in the configuration. So we’re excited about that.

Yeah, that’s great. Really offers just the flexibility and customization that you need to really solve, serve any, any work, any customized workflows.

Yep. All right. And then the other exciting update was that we now have the ability to pull in exploit data from Tenable. So if there’s Tenable findings that have active exploits in the wild affecting them, you can now pull that field in and then leverage it in PlexTrac to tag those findings and add additional contextual risk-based scoring on top of that to ensure that those get actioned and prioritized before they have a chance to get exploited.

So, Hannah, maybe you can chat through a little bit about what the mappings look like and show folks how that’s set up for this. Let’s let me actually share my screen so we can better demonstrate a little bit more about this. Yeah.

Great.

Can you see my screen here, Elyse?
Yep. It’s showing we’ve got the tentable mappings on the screen.

Awesome. So just to contextualize you all to what you’re seeing here, this is the experience we provide when you’re setting up an instance of Tenable and PlexTrac. And so you can kind of imagine here, this is giving you the ability to choose which fields are flowing into PlexTrac. And this is quite expansive. Just to kind of speak to what you’re talking about, the use case around exploit data, this is actually a required field.

We feel like this is so important. So this exploit data is going to be flowing into your PlexTrac instance alongside all of your other findings or asset-based data and then to kind of speak to that excellent use case that you were calling out, Elyse, I’m going to actually flip to a different tab here. Bear with me just a minute. So downstream of this, you should be now seeing a report here on screen. Elyse?

We’re seeing it, yeah.

Awesome. Thank you so much. So yeah, downstream of this, let’s say you’ve got your connection made, it’s now syncing on an hourly basis and we’re getting all this great Tenable data into the PlexTrac platform that’s going to be eligible to be then pulled into your reports. And what you’re seeing on screen here is I’ve already broadened some findings and in this example, I’ve started to associate this with a priority. And, Elyse, you kind of want to speak to what a priority is for these?

Absolutely. So Priorities is a new module that we launched earlier this year and you can see it on, as a tab on the left-hand menu side. But really what a priority is, is a way to group thematic findings and assets. So if there are findings that are associated with one another, maybe have a similar underlying issue, you can group those into that larger theme so you can track them, come up with a remediation plan and track that through to remediation, as well as add a layer of that contextual risk-based scoring and come up with a contextual risk score to apply to that priority. So it gives it a risk rating that takes into your, takes into account your contextualization and true impact that it’ll have on your business.

Yeah, awesome. Thank you so much for sharing that detail. And just to kind of expand on this, I want to show you guys how this data comes in. So if we’re pulling in data from our Tenable integration we’ve got configured here, all of the data can be used to then kind of sort through and filter on the PlexTrac side. And this option here is going to give me the ability to filter down to just those findings that have an exploit on them. Now, maybe I also want to look for an asset tag that my team is using on the Tenable side or an asset name to get down to that subset. But once you select and find those right findings and you’re bringing in them into PlexTrac, that’s where you can really easily use our bulk, our features to associate.

Maybe a tag is the example we gave there. And I’m going to show another screen. So in this example, we’ve found the right, we found the right findings from Tenable that we want to bring into PlexTrac that we know are exploitable. We’ve brought them in, we’ve tagged them from there. We can go over here and I’m going to share my screen to kind of give you a reference to that contextual score that Elyse was speaking to. So if we’re using that tag, we can build in a weighted score and associate with that priority to make sure to really elevate the visibility of this issue, if that’s appropriate.

Yeah, absolutely.

And this is available not only across your Tenable data, but of course, all the other data you have in your PlexTrac instance. So your scans, your pentests, any of your offensive engagements. So these scores can be applied across the board to your aggregated data?

Yeah, absolutely. One other thing just to speak to as we’re talking about the value of both this integration and then some of the great features we have in PlexTrac, each of these mappings just kind of coming back to and sharing the screen with you guys. Each of these mappings can be configured at the client level if you choose to make your connection client-based. So you can not only customize the data flowing into PlexTrac, but then also leverage those contextual scores and priorities at the client level as well. And we’re just really excited about that customization here.

Yeah, absolutely. Well, Hannah, I think that was all the questions that have come in. That about wraps up what we had to chat with you today around our Tenable integration. If any questions do pop up, feel free to drop them in the chat or reach out to us directly. But thanks for joining today, and we’ll see you next time.