# Tenable MCP

> Tenable MCP Server manages your entire vulnerability lifecycle inside your AI client. It lets you inspect cloud assets, list configured scans, and triage CVE findings against specific infrastructure—all without leaving your IDE or chat window. You can manually trigger assessments, check scanner health, and map out complex network topologies by calling tools like `list_assets` and `get_asset_vulnerabilities`. Stop clicking through dashboards; start asking questions.

## Overview
- **Category:** fort-knox
- **Price:** Free
- **Tags:** cybersecurity, exposure-management, asset-intelligence, cve-triage, vulnerability-assessment, cloud-security

## Description

Tenable MCP Server connects your whole Tenable environment (Tenable.io) directly to your AI client. You manage vulnerability risk right in your chat or IDE. This server takes complex security workflows and turns them into simple questions for your agent.

**Inventory and Scope Mapping:**
You can start by getting a list of every host and cloud asset Tenable has found using `list_assets`. Need more detail? Call `get_asset_details` to pull the full metadata, networking info, and risk profile for any single asset ID. You can also check out all operational folders where scan jobs are filed with `list_scan_folders`, or review what logical routing networks govern your assets by calling `list_logical_networks`. If you need to know which scanners Tenable runs, use `list_scanners` to see the physical and virtual Nessus units. To narrow down what's important, run `list_asset_tags` to pull all organizational tags mapped across your infrastructure, like 'Production' or 'External'.

**Running Assessments:**
Want to start a scan right now? You can manually trigger an immediate assessment using `launch_scan`, and the tool gives you the new run ID. If you want to see what scans ran before or are scheduled for later, use `list_scans` to pull that list. For a completed job, call `get_scan_results` to get the run-time analytics and summary data for that specific scan job.

**Deep Dive Analysis:**
When you’ve got the asset list, you can drill down into vulnerabilities. To pull explicit security findings (Workbench results) for just one asset ID, use `get_asset_vulnerabilities`. This tool pinpoints exact CVEs without forcing you to navigate complex UI sections. For a single piece of infrastructure, running `get_asset_details` gives you the OS fingerprints and IP addresses needed before you even check for flaws.

**Operational Checks:**
Your agent can also keep an eye on Tenable's operational status. You can review the current plugin health and overall performance of the internal scanning fleet by listing scanners, ensuring your data is solid before running anything major.

## Tools

### get_asset_details
Retrieves detailed metadata, networking info, and risk profile for one specific asset ID.

### get_asset_vulnerabilities
Pulls explicit security findings (Workbench) for a single asset ID.

### get_scan_results
Retrieves run-time analytics and vulnerability summaries for a specific scan job.

### launch_scan
Manually triggers an immediate assessment of a configured vulnerability scan, returning the new run ID.

### list_asset_tags
Lists and filters organizational tags that are mapped across your assets (e.g., 'Production', 'External').

### list_assets
Generates a list of all host and cloud assets discovered in Tenable.io.

### list_logical_networks
Lists the defined logical routing networks that govern your asset groupings within Tenable.

### list_scan_folders
Lists operational folders where scan jobs are organized (e.g., 'My Scans', 'PCI Quarters').

### list_scanners
Lists the physical and virtual Nessus scanners that Tenable manages.

### list_scans
Lists all past and scheduled vulnerability assessment scans available in your account.

## Prompt Examples

**Prompt:** 
```
Find the status and schedule of the 'Weekly PCI Scan'.
```

**Response:** 
```
I've queried your configured scans. The 'Weekly PCI Scan' is currently 'enabled' and actively on schedule (UUID: eb92f03f-xxxx). It is mapped to the 'PCI Quarters' logical folder. Last execution was 4 days ago. Do you want me to list its historical results?
```

**Prompt:** 
```
Retrieve all extreme vulnerabilities on asset ID 1383da-xxx.
```

**Response:** 
```
I pulled the Workbench findings for asset 1383da-xxx. I found 3 critical severity issues detected via plugin 104743 (Windows OTD exploit) and plugin 51192 (OpenSSL RCE). It seems the host is missing 4 months of standard OS patches. Shall I provide the exact CVE payload?
```

**Prompt:** 
```
Launch the scan with ID a981bf93 immediately.
```

**Response:** 
```
Scan a981bf93 has been successfully commanded to start. The job run ID is c2f90a1-xxxxx. It has been pushed to the scanner queues and will evaluate all tied network zones independently. Let me know when you want to retrieve the results.
```

## Capabilities

### Get Asset Metadata
Retrieves detailed operational data—like OS fingerprints, IPs, and tags—for a specific piece of infrastructure.

### Identify Specific Vulnerabilities
Pulls security findings (Workbench results) for one asset, pinpointing exact CVEs without navigating complex UI sections.

### Execute and Monitor Scans
Manually starts a configured vulnerability scan or fetches the detailed performance metrics from completed scans.

### Map Network Scope
Lists all discovered hosts, cloud assets, logical networks, and operational scanner groups within your Tenable account.

### Check Scanner Health
Reviews the current status and plugin health of the internal scanning fleet to ensure data integrity.

## Use Cases

### The Immediate Breach Assessment
An alert flags a potential breach on Asset ID 1383da-xxx. Instead of jumping through the web UI, your agent calls `get_asset_vulnerabilities` immediately. It returns three critical findings (like the Windows OTD exploit) and tells you that the host is missing four months of patches. Problem solved in seconds.

### The Compliance Audit
You need to confirm all 'Production' assets were scanned last quarter for PCI compliance. The agent first runs `list_asset_tags` to get the list, then uses that filter with `list_scans` to check if a corresponding scan job exists and was recently run.

### The New Deployment Check
A new development environment goes live. Instead of waiting for the nightly scan cycle, you tell your agent to use `launch_scan` on that specific asset group. The system runs the scan and provides a job ID, letting you monitor its progress directly.

### Network Topology Review
You suspect two different network segments might be overlapping or misconfigured. Your agent first uses `list_logical_networks` to see the defined boundaries, and then calls `list_assets` to cross-reference which assets belong in those spaces.

## Benefits

- **Stop searching dashboards.** Instead of navigating through multiple tabs to find a host's vulnerability profile, use `get_asset_vulnerabilities` to pull specific CVE findings instantly. This saves minutes on every incident response.
- **Get immediate action.** Don't wait for the scheduled window to run a critical check. Use `launch_scan` to manually trigger an assessment immediately, getting a new job ID right away.
- **Know your scope.** When you need to audit compliance or check blast radius, use `list_assets` to get a clean inventory list and then filter it with tags via `list_asset_tags`. No more guessing what was missed.
- **Deep dive on one asset.** Need to know if Asset X is secure? Call `get_asset_details` first for its OS fingerprint, then use that context to call `get_asset_vulnerabilities`. It's a two-step process in natural language.
- **Manage the whole system.** Use `list_scanners` and `list_scan_folders` together. You can audit if your scanning infrastructure is healthy *and* where its reports are filed, all without logging into Tenable.

## How It Works

The bottom line is, your AI client performs the complex API calls for you. You just talk to it.

1. Subscribe to the server and provide your Tenable Access Key and Secret Key.
2. Ask your AI client a specific question (e.g., 'List all assets tagged as Production').
3. The agent calls the appropriate tool (like `list_assets` or `get_asset_details`) and returns the structured data directly to you.

## Frequently Asked Questions

**How does `list_assets` differ from `get_asset_details`?**
`list_assets` gives you a comprehensive list of every host and cloud asset discovered in your environment. `get_asset_details` requires you to provide a specific Asset ID, and it returns the deep metadata (OS fingerprint, tags) for only that single item.

**Can I run a scan without using launch_scan?**
No. While you can view past results with `get_scan_results`, you must use `launch_scan` to initiate any new, live assessment job on demand.

**What should I check before trusting the vulnerability data?**
Check scanner health first. Run `list_scanners` and verify that plugins are active. This confirms the underlying tools used for detection are up to date and functioning correctly.

**How do I find out which assets belong in a specific network?**
You start by calling `list_logical_networks` to see the defined boundaries, and then you use the list of tags from `list_asset_tags` to narrow down your asset scope.

**I need historical results. Which tool should I use?**
Use `get_scan_results`. This function is designed specifically to retrieve runtime analytics and summary data for a previously executed scan job ID, giving you the performance metrics you want.

**What credentials must I provide to successfully use tools like `list_scanners`?**
You need your Tenable Access Key and Secret Key. These keys authenticate your agent, giving it permission to read and write data across your enterprise scanning fleet.

**When using `get_asset_vulnerabilities`, how do I narrow down the findings?**
You can filter results by severity level or specific plugin ID. Simply pass parameters like 'Critical' or a known CVE number to limit what the tool returns.

**What does `list_scanners` show me about my operational fleet health?**
This command lists all Nessus scanners managed by Tenable.io. It lets you verify plugin status and confirm if your entire scanning infrastructure is fully active before running any jobs.

**Can my AI agent trigger vulnerability scans directly?**
Yes! You can ask your agent to list all mapped scan profiles. Once you copy the ID for something like 'External Perimeter Quick Scan', you can tell the agent to launch that specific scan ID outside its normal schedule.

**How easy is it to investigate an alert about a single compromised asset?**
Extremely fast. If an IP triggers an alert downstream, ask your agent to look up the asset associated with that IP, obtain its specific Asset ID, and immediately pull its vulnerabilities. You instantly get a markdown table of the CVEs affecting the endpoint without clicking through the GUI.

**Can the agent interact with scanner appliances (Nessus)?**
Yes. It can fetch your entire scanner inventory across Tenable.io. This includes the internal Nessus agents linked to the account, their connection status, license states, and underlying software versions so you know if your fleet is healthy.