[meta] Update Tenable IO integration to Leverage Native Cloud Security Workflows

[kcreddy]

As part of effort to leverage Cloud Security workflows such as Elastic CSPM and CNVM for 3rd party integrations, the vulnerabilities data from Tenable IO needs to be enriched just like previous enhancements for Wiz, AWS Security Hub, and Qualys VMDR.

For this work, the tenable_io.vulnerabilities data stream which ingests exported vulnerabilities of assets must be enriched to support Elastic CNVM workflow.

Tasks:

• Get access to Tenable IO environment.
• Setup Tenable IO in demo cluster.
• Analyse required mapping changes for Tenable IO and get feedback from Cloud team.
• TenableIO: Implement mappings for Cloud Security Workflows #12826
• TenableIO: Implement transform for Cloud Security Workflows #12827

cc: @narph

[elasticmachine]

Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)

[kcreddy]

Hey @cpascale43,
I would need the credentials for Tenable IO to get started on this work. If we don't have the environment, we will have to reach out to Tenable and get its license.

cc: @narph @jamiehynds

[kcreddy]

Closing this as all requirements have been implemented:

• Setup Tenable data in SEI cluster.
• Approval of proposed mapping changes.
• Add required mappings and transform: tenable_io: Add mappings and transform for Cloud Detection and Response (CDR) workflow #13636