---
title: "Tenable SecurityCenter (formerly Tenable.sc)"
slug: "securitycenter"
tags: ["connectors", "tenable"]
updated: 2025-06-24T17:48:06Z
published: 2025-06-24T17:48:06Z
canonical: "help.nucleussec.com/securitycenter"
stale: true
---

> ## Documentation Index
> Fetch the complete documentation index at: https://help.nucleussec.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tenable SecurityCenter (formerly Tenable.sc)

## Overview

The Nucleus Tenable.sc connector integrates directly with Tenable.sc by leveraging a local account on the platform. The connector enables you to ingest infrastructure scans via different methods into your Nucleus Project:

- ingesting via Asset;
- ingesting via Query; and
- ingesting via Scan (this is a legacy method that leverages a deprecated API in Tenable.sc and may be removed by Tenable in a future version).

## Connector Setup

### Connector Setup Checklist

Follow the steps in this checklist to successfully set up this connector:

**1. API Access** Create a service account with minimum required permissions in Tenable.sc.

**2. Connector Configuration** Create and configure the connector in your Nucleus project.

**3. Vulnerability Scan Data Ingestion** Create one or more vulnerability scan ingest rules to ingest data from Tenable.sc.

A valid username and password are required for this integration, and authentication is achieved via Basic Auth.

### 1. API Access

Required Permissions

Nucleus must have access to view all scans and download individual scan results. At a minimum, the **Executive** [organisational user role](https://docs.tenable.com/tenablesc/Content/UserRoles.htm) is required, however, **Vulnerability Analyst** and **Security Analyst** also satisfy the permission requirements.

Custom roles cannot be used in Tenable.sc for this user account as there are no permissions options available for viewing and downloading scan data.

Nucleus recommends that the *Executive* role is assigned to the service account, as this role has the smallest permission set that will satisfy the connector's requirements.

1. Create a new user in Tenable.sc and assign it an appropriate role as described above.

2. Optionally generate an API access key and secret for the account that was created above. This is not a requirement, however, it is a security best practice. Follow the [Tenable Documentation](https://docs.tenable.com/tenablesc/Content/GenerateAPIKey.htm) steps to generate an API key for the above account.

3. Make a note of either the username and password or access key and secret as these will be needed in the following steps.

### 2. Connector Configuration

1. In Nucleus, go to **Integration Hub****> Connector Setup**.

2. Under the **Scanners** section, click the **Tenable.sc** or **SecurityCenter** icon.

3. In the **Setup SecurityCenter Connector** pop-up, complete the following fields:

AttentionIf you're using the Nucleus Agent to connect to an on-premise server for this tool, please refer to the document [here](https://help.nucleussec.com/docs/nucleus-agent).  

| Field | Description |
| --- | --- |
| Name | Enter a short name for the connector to uniquely identify it, such as "SecurityCenter scanner - U.S. East coast". |
| Description | Optionally, enter a description for the connector. |
| SecurityCenter URL | Enter the URL (including port number) of your SecurityCenter Installation. |
| Username | Enter the username you use to log in to SecurityCenter. |
| Password | Enter the password you use to log in to SecurityCenter. |

4. Click the **Save Connection** button and wait for the success message.

5. Click the **Test Connection** button. You will see a message to notify you that the connection test was successful. Your connector is now setup properly.

6. Close the popup window.

Your connector is now set up and ready to use!

### 3. Vulnerability Scan Data Ingestion

1. Go to **Integration Hub****> Import via Connector**.
2. Select the SecurityCenter connector you just created.
3. Choose your import method (Asset, Query or Scan):

![image.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image%2891%29.png)

1. Click **Next** and select what you'd like to import.
2. Click **Next** and select how often you want to import, either one-time or to auto-import on a schedule.
3. Click **Save & Finish**.

## Frequently Asked Questions

### Why is Scan marked as deprecated?

The import via Scan method was the first method of vulnerability data ingestion that the Tenable.sc connector supported. Tenable has since deprecated the APIs that are used for importing via Scan, however, we have left this scan method enabled for backward compatibility.

Tenable may at some point in the future completely remove this API, such as in a new version of Security Center, at which point this import method will cease to function.

### What is the best way to import?

The best import method is based on the requirements of your organisation. Importing via Asset allows you to ingest vulnerability data at the asset level, whereas importing via Query allows you to ingest any vulnerability data on assets that match a query in Tenable.sc. For maximum flexibility, you may want to consider using import via Query.

### What does the Import by Asset option mean and what does it import?

In Tenable SC, a user can make a list of devices and then use that list later to setup scans for it. These lists / groups of devices are called assets in Tenable SC. It is worthwhile to refer to [Tenable SC Documentation](https://docs.tenable.com/tenablesc/Content/Assets.htm) for further clarification on Tenable's definition of an asset. This is slightly different from how [Nucleus Defines Assets](https://help.nucleussec.com/docs/assets).

Definition

In Nucleus, an asset is anything that can have a vulnerability correlated to it.

When a user selects this option, Nucleus will query these device groups and will list them on Step "2. Select Asset" of manual / scheduling the Tenable SC scans ingests.

![image.png](https://cdn.document360.io/3888970a-6501-459e-acc9-c47b71c6d64c/Images/Documentation/image%28260%29.png)

From this screen, users can select the list of devices (Tenable Assets) they want to ingest the scans for (if available in Tenable SC) and then schedule the ingest in the next step i.e "3. Select Schedule".

During the import, Nucleus will query these Tenable Assets for the available scans and import them if they have not been imported before.

So, for example, if a Tenable Asset is set up to scan daily and the corresponding scan ingest schedule in Nucleus is also daily, Nucleus will be able to pull in the newly completed scans for this Tenable Asset daily according to the schedule.

## Frequently Asked Questions

### What additional metadata is populated?

The following additional metadata is set on assets ingested from Tenable.sc:

| Key | Source |
| --- | --- |
| tenablesc.dns-name | dnsName |
| tenablesc.mac-address | macAddress |
| tenablesc.netbios-name | netbiosName |
| tenablesc.operating-system | operatingSystem |
| tenablesc.host-uniqueness | hostUniqueness |
| tenablesc.ip-address | ip |
| tenablesc.repository.id | repository['id'] |
| tenablesc.repository.name | repository['name'] |
| tenablesc.repository.description | repository['description'] |
| tenablesc.repository.sci-id | repository['sci-id'] |
| tenablesc.repository.data-format | repository['data-format'] |
| tenablesc.uuid | uuid |

### What list of plugins should be run to populate the SSL/TLS summary page in Nucleus?

The following Tenable plugin ids populate the SSL/TLS summary page:

- 56984
- 38116
- 112530

### Other questions

If you have any questions, please contact us through the [support center](https://nucleussec.atlassian.net/servicedesk/customer/portal/3).

## Related

- [Overview](/connectors-overview.md)