topic Re: Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center? in All Apps and Add-ons

Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center?

bcyates — Mon, 30 Apr 2018 17:14:26 GMT

We are using the add-on to ingest data from Nessus SecurityCenter into Splunk. However, the numbers do not match up. Week-long searches in SecurityCenter show numbers different from week-long searches in Splunk when we do a timechart. For example, on the day of the last scan, the numbers for critical and high are off by ~200, but the mediums are off by ~2500+. Is there something we can dedup by, or a way to get the numbers closer? We have little confidence in the accuracy of what's in Splunk since the numbers are so far off of what is in SecurityCenter

Re: Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center?

xpac — Mon, 30 Apr 2018 18:31:33 GMT

Are your numbers in Splunk too high or too low?

Re: Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center?

bcyates — Mon, 30 Apr 2018 18:35:33 GMT

It depends on the severity. Criticals and highs area little too low, but mediums are way too high

Re: Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center?

itsGhisla1n — Mon, 19 Aug 2024 07:35:06 GMT

Any solution for this issue?