Streamline Tenable Workflows with MCP Server

If you’ve spent any time in a security operations role, you know the drill: log into Tenable, navigate to the right scan, filter by severity, export a report, cross-reference against a ticket. It’s not hard, it’s just slow – and it’s the kind of repetitive context-switching that adds up across a day. I wanted to fix that. So I built an MCP server that lets Claude talk directly to Tenable Vulnerability Management.


What is MCP?

MCP (Model Context Protocol) is an open standard from Anthropic that lets AI assistants call external tools and APIs in a structured, secure way. Instead of copy-pasting data into a chat window, you give Claude a set of tools it can invoke – and it calls them when it needs to, just like a developer would call an API.

What I Built

The server exposes 26 tools across every major area of the Tenable API:

  • Assets – list, search, get details, bulk export
  • Vulnerabilities – query by host, query org-wide, get plugin details with remediation guidance, bulk export with filters
  • Scans – full lifecycle: list, launch, pause, resume, stop, create with scheduling, delete, and generate PDF/CSV/HTML reports
  • Scan Policies – list, inspect, create from templates, delete
  • Exports – bulk async vulnerability, asset, and compliance exports
  • Workbench – interactive filtered queries across the whole environment

The whole thing is built in Python using FastMCP and pyTenable, Tenable’s official Python SDK.

What It Actually Looks Like

Once the server is running and connected to Claude, you just ask questions:

“Show me all critical vulnerabilities that are currently open”

“What vulnerabilities does db01 have, and what’s the remediation for the worst one?”

“Create a weekly scan targeting 10.0.0.0/8 every Monday at 2am Eastern”

“Generate a PDF report for the External Vulnerability Scan”

“How many assets are running Windows Server 2019 and what’s their average exposure score?”

Claude pulls the data, reasons over it, and gives you an answer or takes the action. No dashboard navigation required.

Mock Mode for Safe Development

The server ships with a mock mode backed by realistic JSON fixtures. Set TENABLE_MOCK=true and the server runs end-to-end without touching your real Tenable environment. This made development fast and makes it easy to hand off without worrying about credential management on day one. Switching to live data is one env var change.
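One way a mock-mode switch like this can be wired so that a mistyped value never silently points tools at production. This is an added example, not code from the tenable_mcp project. The names resolve_mode, MockBackend and critical_open and the fixture fields are hypothetical, and it assumes live mode takes its keys from TIO_ACCESS_KEY and TIO_SECRET_KEY, the variables pyTenable reads.

```python
import json
import os

# Constructed fixture rows, standing in for the project's JSON fixture files.
FIXTURE = json.loads("""[
  {"asset": "db01",  "plugin_id": 10001, "severity": "critical", "state": "open"},
  {"asset": "db01",  "plugin_id": 10002, "severity": "medium",   "state": "open"},
  {"asset": "web01", "plugin_id": 10003, "severity": "critical", "state": "fixed"},
  {"asset": "web02", "plugin_id": 10004, "severity": "critical", "state": "open"}
]""")


def resolve_mode(env=None):
    """Return "mock" or "live"; reject ambiguous settings instead of going live."""
    env = os.environ if env is None else env
    flag = env.get("TENABLE_MOCK", "false").strip().lower()
    if flag == "true":
        return "mock"
    if flag != "false":
        # A typo such as "ture" must not fall through to the real environment.
        raise ValueError(f"TENABLE_MOCK must be 'true' or 'false', got {flag!r}")
    # Assumption: live mode authenticates with the variables pyTenable reads.
    missing = [k for k in ("TIO_ACCESS_KEY", "TIO_SECRET_KEY") if not env.get(k)]
    if missing:
        raise RuntimeError("live mode needs " + ", ".join(missing))
    return "live"


class MockBackend:
    """Serves fixture rows and records write actions instead of performing them."""

    def __init__(self, rows):
        self.rows = rows
        self.recorded = []

    def vulnerabilities(self):
        return list(self.rows)

    def launch_scan(self, scan_id):
        self.recorded.append(("launch_scan", scan_id))
        return {"scan_id": scan_id, "status": "mock"}


def critical_open(backend):
    """Tool body: plugin IDs of open critical findings, grouped by asset."""
    out = {}
    for v in backend.vulnerabilities():
        if v["severity"] == "critical" and v["state"] == "open":
            out.setdefault(v["asset"], []).append(v["plugin_id"])
    return out
```

Recording write actions such as scan launches in the mock backend lets tests assert on what a prompt would have triggered without anything reaching a scanner.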

Getting Started

git clone https://github.com/chrisalibby/tenable_mcp.git
cd tenable_mcp
uv sync
uv run pytest  # 39 tests, all green

For Claude Code, the .mcp.json in the project root registers the server automatically. For Claude Desktop, add it to ~/Library/Application Support/Claude/claude_desktop_config.json.

Full setup instructions and example prompts are in the README.

What’s Next

A few things I want to add:

  • Tag management (create/assign/delete asset tags)
  • Agent group queries
  • A natural-language vulnerability summary prompt that generates an executive-ready digest

If you’re running Tenable and want to stop living in the dashboard, give it a try.
