# Tenable Attack Surface Management

Copy as Markdown[Open in ChatGPT](https://chatgpt.com/?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fintegrations%2Fsecurity%2Ftenable-asm.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[Open in Claude](https://claude.ai/new?q=Read%20https%3A%2F%2Fcoralogix.com%2Fdocs%2Fintegrations%2Fsecurity%2Ftenable-asm.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)

## Overview[​](#overview "Direct link to Overview")

Tenable Attack Surface Management (ASM) continuously discovers the internet-facing assets that make up your organization's external attack surface — hostnames, IP addresses, open ports, and detected CVEs. This integration pulls your ASM asset inventory into Coralogix, where you can investigate it alongside the rest of your telemetry and retain it to meet compliance requirements.

It collects one data type:

* **Assets** — the external attack surface assets discovered for your organization, including hostname, IP address, DNS record type, severity ranking, open ports, and detected CVEs.

The first collection performs a one-time full inventory backfill and can ingest a large volume of records, depending on the size of your attack surface; later collections capture only assets whose metadata changed since the previous run. Collection runs about once a minute.

## What you need[​](#what-you-need "Direct link to What you need")

* A Tenable Attack Surface Management subscription.
* A Tenable ASM API key.
* Permission to create integrations in your Coralogix account.

## Prepare an API key in Tenable ASM[​](#prepare-an-api-key-in-tenable-asm "Direct link to Prepare an API key in Tenable ASM")

1. Log in to your Tenable Attack Surface Management console.

2. Open **Settings**, then select **API Keys**.

3. Generate an API key and copy it.

   Note

   Store the key securely — it will be used in the steps below.

The API key inherits the permissions of the user it belongs to. Use a user that can view the asset inventory.

## Set up[​](#set-up "Direct link to Set up")

1. From your Coralogix toolbar, navigate to **Data Flow** > **Integrations**, select **Tenable Attack Surface Management**, and select **Connect**.

2. Select **Add New**.

3. Define the integration settings:

   <!-- -->

   * **Integration name** — a meaningful name for this integration.
   * **Application name** — the Coralogix application name to ingest under.
   * **Subsystem name** — the Coralogix subsystem name to ingest under.
   * **Endpoint** — the base URL of your Tenable ASM instance. Defaults to `https://asm.cloud.tenable.com`.
   * **API key** — the API key you copied from Tenable ASM.
   * **Assets** — select to collect external attack surface assets.

4. Select **Create**. Coralogix validates the credentials against the ASM inventory API; if validation fails, the error message indicates whether the API key or the endpoint URL is the problem.

## Log format[​](#log-format "Direct link to Log format")

Each collected asset is ingested as a log with the Tenable ASM record nested under a `tenable_asm` top-level field:

```
{

  "tenable_asm": {

    "...": "the Tenable ASM asset record"

  }

}
```

## Validate the integration[​](#validate-the-integration "Direct link to Validate the integration")

In **Explore**, filter by the application and subsystem names you configured. You should see logs whose body contains a top-level `tenable_asm` field with asset properties such as `bd.hostname`, `bd.ip_address`, and `bd.last_metadata_change`.

## Troubleshoot common issues[​](#troubleshoot-common-issues "Direct link to Troubleshoot common issues")

**No data appears after setup.** Cause: the API key is invalid, or the endpoint URL is wrong. Fix: confirm the **Endpoint** matches your ASM instance and regenerate the API key in Tenable ASM if needed.

**Data stops after the initial backfill.** Cause: assets are collected incrementally based on their last metadata change, so quiet periods are normal. New records appear when ASM discovers new assets or updates existing ones.

## Related resources[​](#related-resources "Direct link to Related resources")

* [Tenable Attack Surface Management documentation](https://docs.tenable.com/attack-surface-management.htm)
* [Tenable developer portal](https://developer.tenable.com/reference/navigate)
