©

Tenable.SC Integration

Tenable.SC Interface

Heimdall© can use a Tenable.SC instance as a data source. Once the interface is configured, Heimdall© can directly load data from Tenable.SC and automatically convert it to OHDF for display, with no further conversion step required by the user.

Login to Tenable.SC

Accessing a Tenable.sc instance via the Heimdall© interface requires API Key Authorization as an authentication method for Tenable.sc API requests.

The Allow API Keys toggle must be enable in the tenable.sc Security Settings to allow users to perform API key authentication. Then, users can generate API keys for themselves or for other users. API keys include an access key and secret key that must be used together for API key authentication. For more information, see Enable API Key Authentication and Generate API Keys.

Once the API Keys are available authenticate to tenable.sc by providing the following information:

  • Access Token: The user API Key generated by the tenable.sc instances being accessed.
  • Secret Token: The user API Secret generated by the tenable.sc instances being accessed.
  • Hostname: The tenable.sc host secure URL follow by the secure port (443).

image

Import Scans from Tenable.SC

To download scans from the tenable.sc select one of the options Today's, 30 Days, 60 Days, or 90 Days.

To load available scans select the scans and click on the into Heimdall© click on the Load Selected icon

image

Tenable.SC CORS Configuration

In order to allow Heimdall© to connect to a Tenable.SC instance, the hosting services should be configured with an allow list that includes the calling domain where Heimdall© resides as a trusted domain to perform CORS requests.

For information on how to enable open access across domain boundaries, please reference the CORS Enabled W3C wiki.

To temporarily disable CORS for local development, you can use a browser extension like CORS Unlock.

It is also possible to start Google Chrome on Windows with CORS temporarily disabled by starting the browser with web security disabled.

Create a short cut, in the "Type the location of the item:" text box enter the following command:

  "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --user-data-dir="C:/Chrome dev session" --disable-web-security"
Previous Splunk Integration
Next AWS S3 Integration
Privacy Policy | MITRE
Deploys by Netlify

Copyright © 1997-2026, The MITRE Corporation. All rights reserved.

MITRE is a registered trademark of The MITRE Corporation. Material on this site may be copied and distributed with permission only.