Tenable App for Microsoft Sentinel
Solution: Tenable App
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Publisher | Tenable |
| Support Tier | Partner |
| Support Link | https://www.tenable.com/support/technical-support |
| Categories | domains |
| Version | 3.1.2 |
| Author | Tenable - support@tenable.com |
| First Published | 2024-06-06 |
| Last Updated | 2026-04-16 |
| Solution Folder | Tenable App |
| Marketplace | Azure Marketplace · Rating: ★★☆☆☆ 2.0/5 (4 ratings) · Popularity: 🟢 High (82%) |
The Tenable App solution provides the capability to ingest Asset and Vulnerability data into Microsoft Sentinel through the REST API from the Tenable platform (Managed in the cloud). Refer to API documentation for more information.
Underlying Microsoft Technologies used:
This solution takes a dependency on the following technologies, and some of these dependencies either may be in Preview state or might result in additional ingestion or operational costs:
a. Azure Monitor HTTP Data Collector API
Contents
Data Connectors
This solution provides 2 data connector(s):
Tables Used
This solution uses 7 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
Tenable_IE_CL |
Tenable Identity Exposure | Analytics, Workbooks |
Tenable_VM_Asset_CL |
Tenable Vulnerability Management | Playbooks |
Tenable_VM_Compliance_CL |
Tenable Vulnerability Management | - |
Tenable_VM_Vuln_CL |
Tenable Vulnerability Management | Playbooks |
Tenable_WAS_Asset_CL |
Tenable Vulnerability Management | - |
Tenable_WAS_Vuln_CL |
Tenable Vulnerability Management | - |
Tenable_ad_CL |
Tenable Identity Exposure | Analytics, Workbooks |
Content Items
This solution includes 20 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 12 |
| Playbooks | 3 |
| Parsers | 3 |
| Workbooks | 2 |
Analytic Rules
| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| TIE Active Directory attacks pathways | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE DCShadow | High | DefenseEvasion | Tenable_IE_CLTenable_ad_CL |
| TIE DCSync | High | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Golden Ticket | High | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Indicators of Attack | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Indicators of Exposures | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE LSASS Memory | High | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Password Guessing | High | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Password Spraying | High | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE Password issues | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE privileged accounts issues | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
| TIE user accounts issues | Low | CredentialAccess | Tenable_IE_CLTenable_ad_CL |
Workbooks
| Name | Tables Used |
|---|---|
| TenableIEIoA | Tenable_IE_CLTenable_ad_CL |
| TenableIEIoE | Tenable_IE_CLTenable_ad_CL |
Playbooks
| Name | Description | Tables Used |
|---|---|---|
| Tenable VM - Enrich incident with asset info | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | Tenable_VM_Asset_CL (read) |
| Tenable VM - Enrich incident with vulnerability info | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | Tenable_VM_Vuln_CL (read) |
| Tenable VM - Launch Scan | Once a new Microsoft Sentinel incident is created, this playbook gets triggered and performs the fol... | - |
Parsers
| Name | Description | Tables Used |
|---|---|---|
| TenableVMAssets | - | Tenable_VM_Asset_CL (read) |
| TenableVMVulnerabilities | - | Tenable_VM_Vuln_CL (read) |
| afad_parser | - | Tenable_IE_CL (read) |
Release Notes
| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.1.2 | 03-04-2026 | Updated checkpoint field in vuln data fetching. New field name: indexed_atCorrected Tenable_IE_CL table references in Data Connector Configuration. Update PyTenableUABuild value to 3.1.0 in template. Updating data connector UI page for multiple rsyslog configuration support in Tenable IE. Updated schema for Vulnerabilities and WAS Vulnerabilities in Tenable VM. |
| 3.1.1 | 12-09-2025 | Added button for Azure Gov Cloud in the UI page of the data connector. |
| 3.1.0 | 19-06-2025 | Updated the python runtime version to 3.12. Updated pyTenable sdk version to 1.7.4. Added support for WAS Asset and WAS Vuln data ingestion. Removed Queue Trigger functions and updated with Durable Functions. Added support for Log Ingestion API and updated parsers and playbooks accordingly |
| 3.0.1 | 05-09-2024 | Updated the python runtime version to 3.11 |
| 3.0.0 | 03-07-2024 | Initial Solution Release |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊