> ## Documentation Index
> Fetch the complete documentation index at: https://docs.tracecat.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Tenable Security Center

> Reference for the Tracecat Tenable Security Center integration: registered actions, required secrets, expected inputs, and example workflow usage.

## Create active scan

Action ID: `tools.tenable_sc.create_active_scan`

Create a Tenable Security Center scan using an existing policy and set of assets or targets.

Reference: [https://docs.tenable.com/security-center/api/Scan.htm](https://docs.tenable.com/security-center/api/Scan.htm)

### Secrets

Required secrets:

* `tenable_sc`: required values `TENABLE_SC_ACCESS_KEY`, `TENABLE_SC_SECRET_KEY`.

### Input fields

<ParamField path="name" type="string" required>
  Name of the scan to create.
</ParamField>

<ParamField path="repository_id" type="integer" required>
  Repository ID targeted by the scan.
</ParamField>

<ParamField path="asset_ids" type="array[integer]">
  Asset object IDs that the scan should target.

  Default: `[]`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Tenable Security Center base URL (e.g. [https://security-center.example.com](https://security-center.example.com)).

  Default: `null`.
</ParamField>

<ParamField path="credentials" type="array[object]">
  Credential objects to use for authenticated scanning.

  Default: `[]`.
</ParamField>

<ParamField path="description" type="string | null">
  Optional scan description shown in Tenable Security Center.

  Default: `null`.
</ParamField>

<ParamField path="ip_list" type="string | null">
  Comma-separated list of additional targets/IP ranges.

  Default: `null`.
</ParamField>

<ParamField path="policy_id" type="integer | null">
  Policy ID to associate with the scan (required for policy scans).

  Default: `null`.
</ParamField>

<ParamField path="scan_type" type="string">
  Scan type (e.g. policy, discovery, agent).

  Default: `"policy"`.
</ParamField>

<ParamField path="verify_ssl" type="boolean">
  Whether to verify TLS certificates when calling the API.

  Default: `true`.
</ParamField>

## Run analysis query

Action ID: `tools.tenable_sc.run_analysis_query`

Execute a Tenable Security Center analysis query (e.g. vuln details for a scan).

Reference: [https://docs.tenable.com/security-center/api/Analysis.htm](https://docs.tenable.com/security-center/api/Analysis.htm)

### Secrets

Required secrets:

* `tenable_sc`: required values `TENABLE_SC_ACCESS_KEY`, `TENABLE_SC_SECRET_KEY`.

### Input fields

<ParamField path="scan_id" type="integer" required>
  ID of the scan whose results the query should evaluate.
</ParamField>

<ParamField path="analysis_type" type="string">
  Analysis type to pass to the Analysis API.

  Default: `"vuln"`.
</ParamField>

<ParamField path="base_url" type="string | null">
  Tenable Security Center base URL (e.g. [https://security-center.example.com](https://security-center.example.com)).

  Default: `null`.
</ParamField>

<ParamField path="end_offset" type="integer">
  Ending offset for pagination.

  Default: `100`.
</ParamField>

<ParamField path="query" type="object">
  Tenable Security Center analysis query block (tool, type, filters, etc.).

  Default: `{
      "tool": "vulndetails",
      "type": "vuln"
    }`.
</ParamField>

<ParamField path="sort_dir" type="string">
  Sort direction for the results.

  Default: `"desc"`.
</ParamField>

<ParamField path="sort_field" type="string">
  Field to sort results by.

  Default: `"severity"`.
</ParamField>

<ParamField path="source_type" type="string">
  Result source type (e.g. individual, cumulative, lce).

  Default: `"individual"`.
</ParamField>

<ParamField path="start_offset" type="integer">
  Starting offset for pagination.

  Default: `0`.
</ParamField>

<ParamField path="verify_ssl" type="boolean">
  Whether to verify TLS certificates when calling the API.

  Default: `true`.
</ParamField>

<ParamField path="view" type="string">
  View applied to the result set (e.g. all, exploitable, accepted).

  Default: `"all"`.
</ParamField>