n8n-nodes-tenable-community
v1.8.3
Published
n8n node for the Tenable One platform
Maintainers
miitreevReadme
n8n Community Node: Tenable
Introduction
The n8n Community Node for Tenable provides the definitive, enterprise-grade integration for the Tenable One exposure management platform. This node is meticulously engineered to be the most extensive and powerful Tenable integration available for n8n, offering true 100% API coverage for core products like Tenable Vulnerability Management and Tenable.sc.
Automate your entire security lifecycle—from discovering assets and launching scans to exporting vulnerabilities and creating remediation tickets—all within your n8n workflows.
Prerequisites
To use this node, you will need an active Tenable license for the products you wish to automate and the appropriate API keys for your Tenable instance. For instructions on generating API keys, please see the official Tenable documentation: Generate API Keys.
Installation & Credentials
To install this community node, please follow the official n8n documentation on installing community nodes.
This node uses a single, unified credential model that intelligently adapts to simplify setup:
For Tenable One Platform (Cloud):
- Covers cloud products like Vulnerability Management, Web App Scanning, etc.
- Requires your Access Key and Secret Key.
For Tenable Security Center (On-Prem):
- Requires your Access Key, Secret Key, and the Tenable Security Center URL for your on-premise instance.
For Tenable Identity Exposure:
- Supports both Cloud and On-Prem deployments.
- Requires your API Key.
- If you are using an on-premise instance, you must also provide the On-Premises URL.
Key Features
This node is built with an enterprise-first mindset, focusing on comprehensive coverage, robustness, and ease of use.
- True 100% API Coverage: Go beyond basic integrations. This node provides access to the entire API surface for core products, including every resource and operation for Tenable Vulnerability Management and Tenable.sc. If you can do it in the API, you can do it in n8n.
- Unified Credential Management: A single, intelligent credential handles authentication across the entire Tenable ecosystem, automatically adapting to Cloud, On-Prem (Tenable.sc), and Identity Exposure platforms.
- Intelligent Triggering System: Start workflows based on real-time security events. The trigger node features configurable polling intervals, remembers events to prevent duplicate runs, and uses dynamic dropdowns to fetch live data from your Tenable instance (e.g., for monitoring the status of specific cloud regions).
- Full Lifecycle Automation: Manage the entire lifecycle of your security objects—create, read, update, delete, launch, pause, import, and export scans, policies, reports, assets, and more.
- Automatic Pagination: Never worry about data limits. For operations that return large datasets, just enable the Return All option, and the node will handle fetching every single page of results for you.
- Robust Error Handling: Standardized error handling provides clear, informative messages, making it easier to build and debug workflows.
The Tenable Node (Operations)
The Tenable node is organized hierarchically to mirror the Tenable One platform's API structure. The selection process is straightforward:
- Select a Product: Choose the Tenable product you want to interact with (e.g., Vulnerability Management, Security Center).
- Select a Resource: Based on the product, choose a specific resource (e.g., Assets, Scans, Policies).
- Select an Operation: Based on the resource, choose the action you want to perform (e.g., List, Get, Create, Delete).
⚠️ Warning: Some operations are destructive and will permanently alter data in your Tenable instance. Please use them with caution.
Tenable Vulnerability Management
This product now has 100% API coverage. The following tables highlight the extensive list of available operations, from core resources like Scans and Policies to advanced features like Agent Management and Access Control.
Scans & Scheduling
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Scans | List Scans, Create Scan, Get Scan Details, Update Scan, Delete Scan, Launch Scan, Pause Scan, Resume Scan, Stop Scan, Copy Scan, Import Scan, Toggle Scan Schedule, List Timezones | Full lifecycle management for scan configurations. |
| Scan History | Get Scan History, Get Scan History Details, Delete Scan History | Manage historical scan runs. |
| Scan Exports | Request Scan Export, Get Scan Export Status, Download Scan Export | Export completed scan results. |
| Scan Results | Get Host Details, Get Plugin Output, Get Scan Attachment | Drill down into the results of a specific scan. |
Policies, Reports, and Folders
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Policies | List Policies, Create Policy, Get Policy Details, Update Policy, Delete Policy, Copy Policy, Import Policy, Export Policy | Full lifecycle management for scan policies. |
| Reports | Create Report, Get Report Status, Download Report | Generate and download PDF reports from templates. |
| Folders | List Folders, Create Folder, Update Folder, Delete Folder | Organize your scans and policies. |
Assets, Attributes, and Asset Lists
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Assets | List Assets, Get Asset Details, Import Assets, Export Assets, Get Asset Info, Get Asset Tags | Manage and query asset information. |
| Asset Attributes| Create Attribute, List Attributes, Update Attribute, Delete Attribute, Assign Attributes to Asset, List Asset Attributes, Delete Asset Attributes | Manage custom asset attributes. |
| Asset Lists | List Asset Lists, Create Asset List, Update Asset List, Delete Asset List, Import Assets to List, Add Assets to List, Bulk Remove Assets from List | Manage dynamic and static asset lists. |
Agents & Agent Groups
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Agents | List Agents, Get Agent, Delete Agent, Get Agent Status, Unlink Agent | Manage individual Nessus agents. |
| Agent Groups | List Agent Groups, Create Agent Group, Get Agent Group, Update Agent Group, Delete Agent Group, Add Agent to Group, List Group Agents, Delete Agent from Group, Dispatch Scan to Group | Organize and manage groups of Nessus agents. |
| Agent Exclusions| List Agent Exclusions, Create Agent Exclusion, Get Agent Exclusion, Update Agent Exclusion, Delete Agent Exclusion | Manage exclusions for agent-based scans. |
Vulnerability Management
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Vulnerability Export| Export Vulnerabilities | A powerful, filter-based export of vulnerability data from your instance. |
| Workbench | Query Vulnerabilities, Get Asset Vulnerabilities | Directly query the vulnerability workbench. |
| Exclusions | List Exclusions, Create Exclusion, Get Exclusion, Update Exclusion, Delete Exclusion | Manage vulnerability exclusions. |
| Plugins | List Plugin Families, Get Family Details | Query information about Nessus plugin families. |
Access Control & Users
| Resource | Operation | Description |
| :--- | :--- | :--- |
| Users | List Users, Create User, Get User, Update User, Delete User, Change Password, Enable User, and more | Full user lifecycle management. |
| Access Control| List Groups, Create Group, Update Group, Delete Group, Add Users to Group, List Permissions, Create Permission, and more | Manage user groups and their permissions. |
| Audit Log | List Events | Retrieve events from the audit log. |
And Even More... This integration also fully supports: Filters, Vulnerability Imports, Shared Collections, File Uploads, Credentials, and Editor Templates.
Tenable.sc
The Tenable.sc integration is vast, providing 100% API coverage for your on-premise vulnerability management. The node exposes dozens of resources and hundreds of operations, allowing for deep automation of your security workflows.
Core Resources
| Resource | Common Operations | Description |
| :--- | :--- | :--- |
| Analysis | Export Vulnerabilities | Performs a filtered query and exports vulnerability data based on various criteria. |
| Assets | List, Get, Update, Delete | Manage and query asset information. |
| Scans | List, Create, Get, Update, Delete, Launch | Full lifecycle management for scan configurations. |
| Scan Results | Get, Download, Import, Pause, Resume, Stop | Manage and download completed scan results. |
| Repositories | List, Create, Get, Update, Delete, Sync | Manage data repositories within Tenable.sc. |
| Plugins | Get, List by Family | Query details for individual plugins and plugin families. |
| Hosts | Get, Search, Download | Query and download host information. |
Configuration & Management
| Resource | Common Operations | Description |
| :--- | :--- | :--- |
| Scan Policies | List, Create, Get, Update, Delete, Copy, Export, Import | Full lifecycle management for scan policies. |
| Credentials | List, Create, Get, Update, Delete | Manage scan credentials. |
| Users | List, Create, Get, Update, Delete | Manage user accounts. |
| Groups & Roles | List, Create, Get, Update, Delete | Manage user groups and roles for access control. |
| Organizations | List, Create, Get, Update, Delete | Manage different organizations within Tenable.sc. |
| Audit Files | List, Create, Get, Update, Delete, Share | Manage custom audit files for compliance scanning. |
| Report Definitions| List, Create, Get, Update, Delete, Launch | Create and manage templates for generating reports. |
| Dashboards | List, Create, Get, Update, Delete, Share | Automate the creation and management of dashboards. |
Rules & Automation
| Resource | Common Operations | Description |
| :--- | :--- | :--- |
| Accept Risk Rules | List, Create, Get, Update, Delete, Apply | Manage rules for accepting risks. |
| Recast Risk Rules| List, Create, Get, Update, Delete, Apply | Manage rules for recasting risks. |
| Blackout Windows| List, Create, Get, Update, Delete | Define periods when scanning is not permitted. |
| Freeze Windows | List, Create, Get, Update, Delete | Define periods when scan data should not be updated. |
| Tickets | Create, Update | Create and update remediation tickets. |
| Alerts | List, Create, Get, Update, Delete | Manage alerts for security events. |
And Many More... This integration also fully supports dozens of other resources, including: Agent Scans, LCEs (Log Correlation Engines), LDAP Configurations, Notifications, Passive Scanners, Queries, SAML Configurations, Scan Zones, System Status, and Software Updates.
Other Tenable Products
Beyond the core vulnerability management platforms, this node also provides deep integrations with other key products in the Tenable ecosystem.
- Tenable Attack Path Analysis: Go beyond individual vulnerabilities and automate the analysis of attack paths.
- Operations:
List Attack Paths,Get Path Details,List Critical Assets,List Findings
- Operations:
- Tenable Identity Exposure: Automate the monitoring of your Active Directory infrastructure.
- Operations:
List Indicators of Exposure,Get Profile Details,Query Topology,List Domains
- Operations:
- Tenable PCI ASV: Automate your PCI compliance scanning and reporting.
- Operations:
List Scans,Create Scan,Launch Scan,List Attestations,Get Attestation Details
- Operations:
- Tenable Web App Scanning: Manage your web application scans.
- Operations:
List Scans,Create Scan,Update Scan,Delete Scan,Launch Scan,Search Findings
- Operations:
- Tenable Cloud Security: Query assets from your cloud security posture management.
- Operations:
List Assets
- Operations:
- Tenable MSSP: A dedicated portal for Managed Security Service Providers.
- Operations:
List Accounts,Get Account Details,Create Evaluation Account
- Operations:
The Tenable Trigger Node
The Tenable Trigger node is a powerful tool for starting workflows based on real-time security events. It features a stateful design to prevent duplicate runs and a user-friendly interface with dynamic, searchable dropdowns.
A key feature of this trigger is the Configurable Polling Interval, which allows you to control how frequently n8n checks for new data, giving you fine-grained control over your workflow executions.
| Trigger Event | Platform | Description |
| :--- | :--- | :--- |
| New Incident or Advisory | N/A | Polls the public Tenable security RSS feed for new global advisories. A great way to stay on top of emerging threats. |
| Component Status | Cloud | Monitors the status of Tenable's cloud platform. Features a dynamic, two-level dropdown to select a parent product (e.g., Tenable Vulnerability Management) and then a specific region or component to monitor. Triggers only when the status changes. |
| New Vulnerability Found | Cloud | Triggers when a new or resurfaced vulnerability is found in Tenable Vulnerability Management. Supports a rich set of filters, including severity, VPR score, and asset tags. |
| New Vulnerability Found | On-Prem | Triggers when a new vulnerability is found in your Tenable.sc instance. Uses a time-based check to fetch vulnerabilities discovered since the last run. |
| Asset Discovered | Cloud | Triggers when a new asset is discovered in Tenable Vulnerability Management. Essential for automating asset inventory and onboarding workflows. |
Example Workflows
Tenable.sc Example: Get assets from a Tenable.sc repository that have critical vulnerabilities and create issues in Jira.
{
"name": "Create Jira Tickets for Critical Vulnerabilities in Tenable.sc",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"unit": "days",
"number": 1
}
]
}
},
"name": "Schedule Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"product": "sc",
"resource": "analysis",
"operation": "exportVulnerabilities",
"options": {
"query": {
"type": "vuln",
"filters": [
{
"filterName": "severity",
"operator": "=",
"value": "4"
}
]
}
}
},
"name": "Tenable",
"type": "n8n-nodes-tenable-community.tenable",
"typeVersion": 1,
"position": [
550,
300
],
"credentials": {
"tenableOneApi": {
"id": "1",
"name": "Tenable One API"
}
}
},
{
"parameters": {
"projectKey": "IT",
"issueType": "Task",
"summary": "Critical Vulnerability Found: {{ $json.pluginName }} on {{ $json.ip }}",
"description": "A critical vulnerability was found on {{ $json.ip }}. Please investigate."
},
"name": "Jira",
"type": "n8n-nodes-base.jira",
"typeVersion": 1,
"position": [
850,
300
],
"credentials": {
"jiraApi": {
"id": "3",
"name": "Jira"
}
}
}
],
"connections": {
"Schedule Trigger": {
"main": [
[
{
"node": "Tenable",
"type": "main",
"index": 0
}
]
]
},
"Tenable": {
"main": [
[
{
"node": "Jira",
"type": "main",
"index": 0
}
]
]
}
}
}Attack Path Analysis Example: On a schedule, check for new high-priority attack paths and send a detailed alert to a dedicated Slack channel for the security team.
{
"name": "New High-Priority Attack Paths Alert",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"unit": "hours",
"number": 1
}
]
}
},
"name": "Schedule Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"product": "apa",
"resource": "attackPath",
"operation": "listAttackPaths",
"options": {
"filter": {
"priority": "high"
}
}
},
"name": "Tenable",
"type": "n8n-nodes-tenable-community.tenable",
"typeVersion": 1,
"position": [
550,
300
],
"credentials": {
"tenableOneApi": {
"id": "1",
"name": "Tenable One API"
}
}
},
{
"parameters": {
"channel": "security-alerts",
"text": "New High-Priority Attack Path Found: {{ $json.name }}"
},
"name": "Slack",
"type": "n8n-nodes-base.slack",
"typeVersion": 1,
"position": [
850,
300
],
"credentials": {
"slackApi": {
"id": "2",
"name": "Slack"
}
}
}
],
"connections": {
"Schedule Trigger": {
"main": [
[
{
"node": "Tenable",
"type": "main",
"index": 0
}
]
]
},
"Tenable": {
"main": [
[
{
"node": "Slack",
"type": "main",
"index": 0
}
]
]
}
}
}Tenable Identity Exposure Example: Weekly check for new Indicators of Exposure and send a summary email.
{
"name": "Weekly Indicators of Exposure Summary",
"nodes": [
{
"parameters": {
"rule": {
"interval": [
{
"unit": "weeks",
"number": 1
}
]
}
},
"name": "Schedule Trigger",
"type": "n8n-nodes-base.scheduleTrigger",
"typeVersion": 1,
"position": [
250,
300
]
},
{
"parameters": {
"product": "ie",
"resource": "indicatorsOfExposure",
"operation": "listIndicatorsOfExposure"
},
"name": "Tenable",
"type": "n8n-nodes-tenable-community.tenable",
"typeVersion": 1,
"position": [
550,
300
],
"credentials": {
"tenableOneApi": {
"id": "4",
"name": "Tenable IE API"
}
}
},
{
"parameters": {
"to": "[email protected]",
"subject": "Weekly Tenable Identity Exposure Summary",
"html": "<h3>Indicators of Exposure Found:</h3><ul>{{ $items().map(item => `<li><b>${item.json.name}</b>: ${item.json.description}</li>`).join('') }}</ul>"
},
"name": "Send Email",
"type": "n8n-nodes-base.sendEmail",
"typeVersion": 1,
"position": [
850,
300
],
"credentials": {
"smtp": {
"id": "5",
"name": "SMTP"
}
}
}
],
"connections": {
"Schedule Trigger": {
"main": [
[
{
"node": "Tenable",
"type": "main",
"index": 0
}
]
]
},
"Tenable": {
"main": [
[
{
"node": "Send Email",
"type": "main",
"index": 0
}
]
]
}
}
}Contributing
Contributions from the community are welcome! If you'd like to help improve this node, please see our CONTRIBUTING.md file for guidelines on how to submit pull requests.
License
This project is licensed under the MIT License. See the LICENSE file for details.