Connectors

With third-party data connectors, you can import assets from other platforms into Tenable Vulnerability Management. Vulnerability Management supports programmatic interaction with the following connectors:

  • Amazon Web Services (AWS)
  • Google Cloud Platform (GCP)
  • Microsoft Azure

Use the API to perform a standard set of CRUD operations on connector objects, and then use the connectors to import asset data by scheduling or running on-demand import jobs. For background information about connectors, see the Tenable Vulnerability Management User Guide.

Connector Error Mapping

You can troubleshoot connector problems (for example, those caused by authentication errors or insufficient permissions) using the error codes in the status_message property of the connector objects returned by the GET /settings/connectors and GET /settings/connectors/{connector_id} endpoints.

Amazon Web Services (AWS)

| Error Code | Description |
|---|---|
| AWS_INSUFFICIENT_PERMISSIONS_ERROR | Insufficient AWS permissions. |
| AWS_INVALID_CREDENTIALS_ERROR | AWS credentials are invalid. |
| AWS_INVALID_KEYS | Invalid access key or secret key. |
| AWS_INVALID_REGION_ERROR | Invalid AWS region. |
| AWS_INVALID_TRUST | Trust relationship not configured correctly. |
| AWS_MISSING_CT_PERM | Authorization error: cloudtrail:LookupEvents permission required. |
| AWS_MISSING_EC2_PERM | Authorization error: Read-only EC2 permission required. |
| AWS_SUBACCOUNT_ERROR | Invalid linked account. |
| AWS_UNAVAILABLE_ERROR | AWS is not available (retry). |
| AWS_UNKNOWN_ERROR | Unknown AWS connector error (usually due to invalid or malformed account ID). |

Google Cloud Platform (GCP)

| Error Code | Description |
|---|---|
| GCP_CORRUPT_SA_PRIVATE_KEY | Corrupted service account private key. |
| GCP_INTERNAL_ERROR | Internal error. |
| GCP_INVALID_EMAIL_OR_USERID | Invalid email or user ID. |
| GCP_INVALID_PROJECT_ID | Invalid project ID. |
| GCP_INVALID_SA_KEY | serviceAccountKey is invalid. |
| GCP_KEY_DECODE_FAILURE | Unable to decode service account key for connector. |
| GCP_PERM_MISSING_COMPUTE_LIST | Authorization error: compute.instances.list permission required. |
| GCP_PERM_MISSING_LOGGING_LIST | Authorization error: logging.logServiceIndexes.list and logging.logServices.list permission required. |
| GCP_RETRIEVE_CREDENTIAL_FAILURE | Could not retrieve credentials for connector. |
| GCP_UNAUTHORIZED | Authentication error. |

Microsoft Azure

| Error Code | Description |
|---|---|
| AZURE_DISALLOWED_OPERATION | Subscription type is not permitted to perform operations. |
| AZURE_EXPIRED_CLIENT_SECRET_KEYS | Client secret keys have expired. |
| AZURE_INVALID_APPLICATION_ID | Invalid application ID. |
| AZURE_INVALID_CLIENT_SECRET | Invalid client secret. |
| AZURE_INVALID_SUBSCRIPTION_ID | Invalid subscription ID. |
| AZURE_INVALID_TENANT_ID | Invalid tenant ID. |
| AZURE_NEEDS_READER_ROLE | Application ID does not have the Reader role. |
| AZURE_NONRESPONSIVE_REGION | Some regions failed to respond with log data. |
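
The error codes above can drive a connector health check, so that a cloud account that has stopped importing assets is noticed instead of silently dropping out of scan coverage. The following is an added example, not Tenable's code: it triages the status_message of each connector in a GET /settings/connectors response body. The grouping of codes, the response layout ("connectors" array with a "name" field), the sample data, and the assumption that the code appears as a token inside status_message are all this example's own.

```python
import json
import re

# Codes from the tables above; the four group names are this example's own
# reading of the descriptions, not a Tenable classification.
GROUPS = {
    "credentials": "AWS_INVALID_CREDENTIALS_ERROR AWS_INVALID_KEYS "
                   "GCP_CORRUPT_SA_PRIVATE_KEY GCP_INVALID_SA_KEY "
                   "GCP_KEY_DECODE_FAILURE GCP_RETRIEVE_CREDENTIAL_FAILURE "
                   "GCP_UNAUTHORIZED AZURE_EXPIRED_CLIENT_SECRET_KEYS "
                   "AZURE_INVALID_CLIENT_SECRET",
    "permissions": "AWS_INSUFFICIENT_PERMISSIONS_ERROR AWS_INVALID_TRUST "
                   "AWS_MISSING_CT_PERM AWS_MISSING_EC2_PERM "
                   "GCP_PERM_MISSING_COMPUTE_LIST GCP_PERM_MISSING_LOGGING_LIST "
                   "AZURE_NEEDS_READER_ROLE AZURE_DISALLOWED_OPERATION",
    "configuration": "AWS_INVALID_REGION_ERROR AWS_SUBACCOUNT_ERROR "
                     "GCP_INVALID_EMAIL_OR_USERID GCP_INVALID_PROJECT_ID "
                     "AZURE_INVALID_APPLICATION_ID AZURE_INVALID_SUBSCRIPTION_ID "
                     "AZURE_INVALID_TENANT_ID",
    "transient": "AWS_UNAVAILABLE_ERROR GCP_INTERNAL_ERROR AZURE_NONRESPONSIVE_REGION",
}
CODE_TO_GROUP = {c: g for g, codes in GROUPS.items() for c in codes.split()}
# Assumption: the code appears as a token somewhere inside status_message.
CODE_RE = re.compile(r"\b(?:AWS|GCP|AZURE)_[A-Z0-9_]+\b")

def triage(response_body):
    """Map connector name -> (error code, group) for connectors reporting a code."""
    findings = {}
    for conn in json.loads(response_body).get("connectors", []):
        match = CODE_RE.search(conn.get("status_message") or "")
        if match:
            code = match.group(0)
            # Unlisted codes, and AWS_UNKNOWN_ERROR, fall through to "unknown".
            findings[conn["name"]] = (code, CODE_TO_GROUP.get(code, "unknown"))
    return findings

def needs_attention(findings):
    """Connectors whose failure will not clear on a retry; asset imports stay stale."""
    return sorted(n for n, (_, group) in findings.items() if group != "transient")

# Constructed sample body; the "connectors"/"name" layout is assumed, not from the page.
SAMPLE = json.dumps({"connectors": [
    {"name": "aws-prod", "status_message": "AWS_MISSING_CT_PERM"},
    {"name": "aws-dev", "status_message": "AWS_UNAVAILABLE_ERROR"},
    {"name": "gcp-analytics", "status_message": "Import failed: GCP_INVALID_SA_KEY"},
    {"name": "azure-core", "status_message": None},
    {"name": "azure-lab", "status_message": "AZURE_EXAMPLE_UNLISTED_CODE"},
]})

if __name__ == "__main__":
    for name, (code, group) in sorted(triage(SAMPLE).items()):
        print(f"{name}: {code} -> {group}")
```

When a "permissions" finding is resolved, grant only the permission the description names (for example cloudtrail:LookupEvents or compute.instances.list) and do not widen the connector's role.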