> ## Documentation Index
> Fetch the complete documentation index at: https://docs.livingsecurity.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tenable

> Connect Tenable Vulnerability Management to import vulnerability and asset data.

export const ConnectInPlatform = ({tile, children}) => <Step title="Enter the credentials in the Living Security Platform">
    <p>
      Completed by whoever holds Living Security access — the program owner, or the system
      admin if they've been invited (delegated setup).
    </p>
    <ol>
      <li>
        Go to <strong>Settings → Integrations → Catalog</strong>, find the{' '}
        <strong>{tile}</strong> tile, click <strong>Connect</strong>.
      </li>
      <li>
        Fill in the fields below, then click <strong>Connect</strong>.
      </li>
    </ol>
    {children}
  </Step>;

export const SystemAdminBanner = ({system, recommendDelegated}) => <Note>
    <p>
      <strong>This guide is for your {system} administrator.</strong> It covers creating API
      credentials inside {system}, which requires admin access to {system} — not to the
      Living Security Platform.
    </p>
    <p>
      If you're the Living Security <strong>program owner</strong> and don't administer {system},
      send this page to whoever does. They complete Part A and hand the credentials back to you
      (or enter them directly if you've invited them into the platform).
      {recommendDelegated && <>
          {' '}Because setup produces sensitive key material, we recommend the{' '}
          <strong>delegated setup</strong> path so the secret is never sent back to you.
        </>}
    </p>
  </Note>;

<SystemAdminBanner system="Tenable Vulnerability Management" recommendDelegated={true} />

## What Living Security needs

| Credential            | Description                                         |
| --------------------- | --------------------------------------------------- |
| **Access key**        | A personal API access key from your Tenable account |
| **Secret key**        | The secret key generated alongside the access key   |
| **Regional API host** | The hostname for your Tenable environment           |

**Scopes:** Read access to assets and vulnerability exports

**Required role:** **Basic**, **Scan Operator**, **Standard**, **Scan Manager**, or **Administrator** with API access enabled

### Prerequisites

* You must have one of the roles above in Tenable Vulnerability Management.
* Your administrator must have enabled **API access** for your user account.

***

## Part A — In Tenable Vulnerability Management

*Your Tenable administrator completes these steps.*

<Steps>
  <Step title="Navigate to API Keys">
    1. Sign in to Tenable Vulnerability Management at [cloud.tenable.com](https://cloud.tenable.com).
    2. Click your profile icon in the top-right corner, then select **My Account**.
    3. Click the **API Keys** tab.
  </Step>

  <Step title="Generate new API keys">
    1. Click **Generate**.

    <Warning>
      **Generating new keys immediately invalidates any existing keys** for your account. If other applications use the current keys, update them before proceeding. Tenable API keys are account-wide — rotating keys affects all Tenable products (Vulnerability Management, Web App Scanning, Container Security).
    </Warning>

    2. Review the warning, then click **Generate** to confirm.

    Tenable displays the new **Access key** and **Secret key**.
  </Step>

  <Step title="Copy and save your keys">
    **Copy both keys immediately** and store them securely.

    <Warning>
      Tenable displays both keys **only once** — on the same page immediately after generation. If you close the tab without copying them, you must generate a new pair, which invalidates the current pair.
    </Warning>
  </Step>

  <Step title="Identify your regional API host">
    Select the host that matches your Tenable environment:

    | Environment     | Regional API host      |
    | --------------- | ---------------------- |
    | Commercial (US) | `cloud.tenable.com`    |
    | EU              | `eu.cloud.tenable.com` |
    | FedRAMP         | `fedcloud.tenable.com` |

    Enter the **host only** — no `https://` prefix and no trailing slash.
  </Step>
</Steps>

***

## Part B — In the Living Security Platform

*The program owner completes this step, or the system admin if using delegated setup.*

<Steps>
  <ConnectInPlatform tile="Tenable">
    | Field                 | Value                                                          |
    | --------------------- | -------------------------------------------------------------- |
    | **Access key**        | The access key from Part A, Step 3                             |
    | **Secret key**        | The secret key from Part A, Step 3                             |
    | **Regional API host** | The host from Part A, Step 4 (US default: `cloud.tenable.com`) |

    <Note>
      Living Security uses the `X-ApiKeys` header with both keys combined. This is handled automatically — you only need to enter the keys separately.
    </Note>

    <img src="https://mintcdn.com/livingsecurity/oVkrOMkYmNevekTI/integrations/images/tenable/connect-dialog.png?fit=max&auto=format&n=oVkrOMkYmNevekTI&q=85&s=c2bde918488e8a48f4c4b7133ff6178c" alt="Living Security connect dialog for Tenable" style={{maxWidth: "450px"}} width="576" height="566" data-path="integrations/images/tenable/connect-dialog.png" />
  </ConnectInPlatform>
</Steps>

You are now connected to Tenable Vulnerability Management.

***

## Troubleshooting

<AccordionGroup>
  <Accordion title="401 Unauthorized">
    The keys are invalid or have been rotated. Generate a new key pair from **My Account → API Keys**.
  </Accordion>

  <Accordion title="403 Forbidden">
    Your user account lacks permissions to export assets or vulnerabilities. Verify:

    1. Your account has a role of **Basic** or higher
    2. **API access** is enabled for your account (ask your Tenable administrator)
  </Accordion>

  <Accordion title="Generate button is inactive">
    API access is not enabled for your account. Contact your Tenable administrator to enable API access under your account settings.
  </Accordion>

  <Accordion title="Keys rotated by another application">
    Tenable API keys are account-wide. If another application or team member generated new keys, your existing keys are invalidated. Coordinate key rotation with other applications using the same Tenable account.
  </Accordion>

  <Accordion title="Wrong regional host">
    Using the wrong host causes authentication to fail. Verify:

    * US accounts use `cloud.tenable.com`
    * EU accounts use `eu.cloud.tenable.com`
    * FedRAMP accounts use `fedcloud.tenable.com`
  </Accordion>
</AccordionGroup>
