# Tenable Security Center Integration Guide

This guide walks you through creating a **Tenable Security Center (SC)** integration.

> **Version note:** API key authentication requires Tenable Security Center **5.13.x or later**. The exact navigation paths below reflect the 6.x UI — earlier versions may present these settings in a different location, but the concepts are the same.


## Prerequisites

An Administrator must enable API key authentication at the system level before any user can generate API keys.

### Enable API Key Authentication (Administrator only)

1. Log in to Tenable Security Center as an **Administrator**.
2. In the left navigation, go to **System → Configuration**.
3. Click the **Security** tile.
4. In the **Authentication Settings** section, enable the **Allow API Keys** toggle.
5. Click **Submit**.


This only needs to be done once. If API keys are already enabled in your environment, skip to the next section.

## Create a Service Account for the Integration

We recommend using a dedicated service account rather than a personal user account for production integrations.

1. Log in as an **Administrator** or **Security Manager**.
2. Navigate to **Users → Users**.
3. Create a new organizational user with the **Vulnerability Analyst** role at minimum.
   - In Tenable’s [User Roles](https://docs.tenable.com/security-center/Content/UserRoles.htm) documentation, **Vulnerability Analyst** may view security data, share objects, view logs, and use tickets — typically enough for this integration’s read-only use of vulnerability and asset data through the analysis API. If your org has customized those role permissions, you may need to adjust them or choose a different role.
   - **Security Analyst** is **more** capable than **Vulnerability Analyst** (Tenable: all organization-level actions except managing groups and users, including tasks like freeze windows and plugin updates). Use it only if **Vulnerability Analyst** hits permission errors or your policy requires that tier for integration accounts.
4. Assign the user to the appropriate **repository** so it has access to the vulnerability data you want to sync.


## Generate API Keys

1. Navigate to **Users → Users**.
2. Right-click the row for the service account you created (or select its checkbox).
3. From the actions menu, click **API Keys → Generate API Key**.
4. Confirm by clicking **Generate**.
5. Copy both the **Access Key** and **Secret Key** and store them securely.


> **Important:** The secret key is only shown once. If you lose it, you must generate new keys, which will invalidate the previous ones.


## Configure the Integration

Create your integration by supplying all configuration values.

**Base URL:**
The URL of your Tenable Security Center instance (e.g. `https://tenablesc.example.com`)

**API Keys (Secret):**
`accesskey=<access-key>; secretkey=<secret-key>;`

Copy the keys from the step above. Note the format: lowercase field names, `=` separators, and semicolons after each value.
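
A pre-flight check for the two configuration values, as an added example that is not part of the original guide or of any Tenable or integration code. It validates the key string against the format described above and reports problems without echoing key material; the function names, the https requirement, and the tolerance for an optional space between the two fields are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Format stated in the guide: lowercase field names, "=" separators,
# a semicolon after each value. Accepting an optional space between
# the two fields is an assumption of this example.
_GOOD = re.compile(r"accesskey=[^;\s<>=]+; ?secretkey=[^;\s<>=]+;")
_NAMES = re.compile(r"accesskey|secretkey", re.I)

def check_api_keys(secret):
    """Return a list of format problems. Messages never echo key material."""
    s = secret.strip()
    if _GOOD.fullmatch(s):
        return []
    problems = []
    names = _NAMES.findall(s)
    if sorted(n.lower() for n in names) != ["accesskey", "secretkey"]:
        problems.append("expected one accesskey and one secretkey field")
    if any(n != n.lower() for n in names):
        problems.append("field names must be lowercase")
    if re.search(r"(?:accesskey|secretkey)(?!=)", s, re.I):
        problems.append("each field name must be followed directly by '='")
    if s.count(";") != 2 or not s.endswith(";"):
        problems.append("each value must end with a semicolon")
    if "<" in s or ">" in s:
        problems.append("placeholder angle brackets left in the value")
    return problems or ["does not match accesskey=...; secretkey=...;"]

def check_base_url(url):
    """Return the base URL without a trailing slash, or raise ValueError."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("use https so the keys are not sent in clear text")
    if not parts.hostname or "@" in parts.netloc or parts.query or parts.fragment:
        raise ValueError("expected https://host[:port] with no credentials or query")
    return f"https://{parts.netloc}{parts.path.rstrip('/')}"

if __name__ == "__main__":
    # Constructed sample values, not real keys.
    for sample in ("accesskey=AAAA1111; secretkey=BBBB2222;",
                   "AccessKey=AAAA1111; SecretKey=BBBB2222"):
        print(check_api_keys(sample) or "format OK")
    print(check_base_url("https://tenablesc.example.com/"))
```

Run it against the values before saving the integration, and read the secret from a secrets store or an environment variable rather than passing it on the command line.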