Connectors
With third-party data connectors, you can import assets from other platforms into Tenable Vulnerability Management. Vulnerability Management supports programmatic interaction with the following connectors:
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
Use the API to perform a standard set of CRUD operation on connector objects, and then use the connectors to import asset data by scheduling or running on-demand import jobs. For background information about connectors, see Tenable Vulnerability Management User Guide.
Connector Error Mapping
You can troubleshoot connector problems (for example, caused by authentication errors or insufficient permissions) using the error codes in the status_message property of connector objects returned by the GET /settings/connectors and GET /settings/connectors/{connector_id}.
Amazon Web Services (AWS)
| Error Code | Description |
|---|---|
| AWS_INSUFFICIENT_PERMISSIONS_ERROR | Insufficient AWS permissions. |
| AWS_INVALID_CREDENTIALS_ERROR | AWS credentials are invalid. |
| AWS_INVALID_KEYS | Invalid access key or secret key. |
| AWS_INVALID_REGION_ERROR | Invalid AWS region. |
| AWS_INVALID_TRUST | Trust relationship not configured correctly. |
| AWS_MISSING_CT_PERM | Authorization error: cloudtrail:LookupEvents permission required. |
| AWS_MISSING_EC2_PERM | Authorization error: Read-only EC2 permission required. |
| AWS_SUBACCOUNT_ERROR | Invalid linked account. |
| AWS_UNAVAILABLE_ERROR | AWS is not available (retry). |
| AWS_UNKNOWN_ERROR | Unknown AWS connector error (usually due to invalid or malformed account ID). |
Google Cloud Platform (GCP)
| Error Code | Description |
|---|---|
| GCP_CORRUPT_SA_PRIVATE_KEY | Corrupted service account private key. |
| GCP_INTERNAL_ERROR | Internal error. |
| GCP_INVALID_EMAIL_OR_USERID | Invalid email or user ID. |
| GCP_INVALID_PROJECT_ID | Invalid project ID. |
| GCP_INVALID_SA_KEY | serviceAccountKey is invalid. |
| GCP_KEY_DECODE_FAILURE | Unable to decode service account key for connector. |
| GCP_PERM_MISSING_COMPUTE_LIST | Authorization error: compute.instances.list permission required. |
| GCP_PERM_MISSING_LOGGING_LIST | Authorization error: logging.logServiceIndexes.list and logging.logServices.list permission required. |
| GCP_RETRIEVE_CREDENTIAL_FAILURE | Could not retrieve credentials for connector. |
| GCP_UNAUTHORIZED | Authentication error. |
Microsoft Azure
| Error Code | Description |
|---|---|
| AZURE_DISALLOWED_OPERATION | Subscription type is not permitted to perform operations. |
| AZURE_EXPIRED_CLIENT_SECRET_KEYS | Client secret keys have expired. |
| AZURE_INVALID_APPLICATION_ID | Invalid application ID. |
| AZURE_INVALID_CLIENT_SECRET | Invalid client secret. |
| AZURE_INVALID_SUBSCRIPTION_ID | Invalid subscription ID. |
| AZURE_INVALID_TENANT_ID | Invalid tenant ID. |
| AZURE_NEEDS_READER_ROLE | Application ID does not have the Reader role. |
| AZURE_NONRESPONSIVE_REGION | Some regions failed to respond with log data. |
Updated 22 days ago