Tenable.io Integration
Use Tenable.io as an evidence source in Aurora Command. Capture evidence automatically where supported, or attach exports when you need to. Aurora keeps the source, timestamp, owner, and review history so evidence stays reusable between reviews.
Common coverage includes Vulnerability scanning.
No compliance guarantees. We'll confirm what's automated and what stays export-based.
At a Glance
Best for
Continuous checks and evidence capture
Auth
API key
Cadence
Every 6 hours
Setup time
10 to 20 minutes
Framework coverage
Aurora Essentials (Baseline Control Set) and 36 more
Artifacts reviewers recognize. Preview sample structures before you share anything.
Setup
01
Connect Tenable.io
Sign-in method: API key. Start with least-privilege access where supported.
02
Confirm Evidence Sources and Cadence
Confirm evidence sources and set cadence (every 6 hours).
03
Validate Capture (Read-Only Where Possible)
Validate evidence capture in read-only mode (where possible) before expanding workflows.
04
Map Evidence to Controls
Map captured artifacts to controls (1 mapped control listed).
05
Bundle evidence when needed
Export an evidence bundle (ZIP) when you need an offline attachment. Aurora keeps the underlying source and timestamps so the work stays reusable.
What This Integration Captures
What Aurora monitors
1 continuous check
Vulnerability scans run within last 7 days
Evidence Aurora can collect
2 evidence types
Asset • Findings
How it stays current
Incremental updates every 6 hours. Full refresh daily.
Checks update as new data is synced.
Checks
Automated checks Aurora can run
Checks map directly to common buyer requirements. Reviewers see the result as exportable evidence, not a screenshot.
Vulnerability scans run within last 7 days
Evidence
Evidence types collected
These evidence objects can be mapped to controls and exported as an evidence bundle or audit workbook snapshot.
Produces
- Evidence objects with source details
- Freshness and cadence status
- Evidence bundle exports (plan-based)
Security Note
Read-only API, scoped credentials, and an audit trail (where supported by the connector and your environment).
Cadence Controls
Incremental updates every 6 hours. Full refresh daily.
Why It Matters for Reviewers
- Reduces “show me” follow-ups by attaching system exports to answers.
- Keeps timestamps explicit for audit windows.
- Makes sampling easier through evidence bundles.
Controls and Frameworks Impacted
Aurora Essentials (Baseline Control Set)
AURORA_ESS
1 control
AWS Foundational Technical Review (FTR) Validation Checklist
AWS_FTR
1 control
CSA Consensus Assessments Initiative Questionnaire (CAIQ) v4.0.3
CAIQ
1 control
CSA Cloud Controls Matrix (CCM) v4.0.12
CCM
1 control
CIS Controls v8
CIS
1 control
FBI CJIS Security Policy
CJIS
1 control
CMMC 2.0 Level 1 (Foundational)
CMMC
1 control
COBIT 2019 Framework: Governance and Management Objectives
COBIT
1 control
APRA CPS 234 — Information Security
CPS234
1 control
Cyber Risk Institute Profile (CRI)
CRI_PROFILE
1 control
Custom Frameworks (template)
CUSTOM
1 control
DORA (Digital Operational Resilience Act)
DORA
1 control
Tenable.io Integration Questions
Does this require admin access?
Does this require admin access?
It depends on the evidence you choose to capture. We'll confirm required permissions during setup.
Can we control cadence?
Can we control cadence?
Yes. In eligible plans, cadence is configurable.
Can we export evidence if a reviewer asks?
Can we export evidence if a reviewer asks?
Yes, when needed. You can export evidence bundles for offline attachments, or share a controlled reviewer view through Trust Center. Aurora keeps the source and timestamps so the work stays reusable between reviews.
Want to Confirm Evidence Coverage for Tenable.io?
Bring one reviewer request. We'll map what can be automated, what stays manual, and how to share it in a controlled way.
No obligation. We respond within one business day. No compliance guarantees.