Tenable.io - Launch Scan

Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊

↑ Back to Content Index

Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the following actions: 1. Launches scan by scan id provided during the playbook deployment. 2. Adds information about launched scan as a comment to the incident.

Attribute	Value
Type	Playbook
Solution	TenableIO
Source	View on GitHub

Logic App Connectors

This playbook uses 3 Logic App connectors / built-in actions:

Connector / Action	Type	Connections	Actions
`azuresentinel`	Managed	1	1
`tenablevm`	Managed	0	1
`TenableVulnerabilityManagement`	Custom	1	0

Action parameters (URLs, paths, function IDs)

`azuresentinel` (Managed)

Action	Method	Endpoint	Other
Add_comment_to_incident_(V3)	post	`/Incidents/Comment`	—

`tenablevm` (Managed)

Action	Method	Endpoint	Other
Launch_scan	post	`/scans/@{encodeURIComponent(variables('scan_id'))}/launch`	—

Additional Documentation

📄 Source: Playbooks/Tenable-LaunchScan/readme.md

Tenable-LaunchScan

Summary

When a new sentinel incident is created, this playbook gets triggered and performs the following actions:

Launches scan by scan id provided during the playbook deployment.
Adds information about launched scan as a comment to the incident.

Prerequisites

Prior to the deployment of this playbook, Tenable Vulnerability Management API Connector needs to be deployed under the same subscription.
Obtain Tenable API credentials. Follow the instructions in the documentation.

Deployment instructions

To deploy the Playbook, click the Deploy to Azure button. This will launch the ARM Template deployment wizard.
Fill in the required paramteres:
- Playbook Name: Enter the playbook name here
- Scan Id: Scan Id to be launched
- Tenable Vulnerability Management Connector Name: name of the custom Logic App connector