The BlueApp for Tenable.io provides a set of orchestration actions that you can use to streamline incident response activities in your USM Anywhere environment. The following table lists the available actions from the BlueApp.

Actions for the BlueApp for Tenable.io

Action	Description
Run Scan	Run this action to perform a vulnerability scan on an asset in the network
Run Scan with Tag	Run this action to perform a scan on all assets sharing the same tag
Create a Tag	Run this action to add a new tag in Tenable.io to be used later to group assets
Asset Discovery	Asset discovery for Tenable.io
Audit Events	Run this action to gather and record audit events
Add Tag	Run this action to create and assign a tag

To view information about these actions in USM Anywhere

1. In USM Anywhere, go to Data Sources > BlueApps.
2. Click the Available Apps tab.
3. Search for the BlueApp, and then click the tile.
4. Click the Actions tab to display information for the supported actions.
5. Click the History tab to display information about the executed orchestration actions.

Launch Actions from Vulnerabilities

You can launch an action directly from vulnerabilities, and from the Full Asset Details page. If you want to apply an action to similar vulnerabilities that occur in the future, you can also create orchestration rules directly from the action applied to a Vulnerability.

To launch a Tenable.io response action for a vulnerability

1. Go to Environment > Vulnerabilities.
   Click the Vulnerability to open the details.
2. Click Select Action.

3. In the Select Action dialog box, select Run Tenable.io Action.

4. Select the app action and fill out the fields that are populated below.

5. Click Run.

   After USM Anywhere initiates the action for a vulnerability, it opens a confirmation dialog box.

   If you want to create a rule to apply the action to similar items that occur in the future, click Create rule for similar vulnerabilities and define the new rule. If not, click OK.