All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Description on scans using Splunk Add-On for Nessus

clymbouris
Path Finder
‎03-15-2014 03:06 AM

When exporting a scan to .nessus format for splunk parsing i'm missing the description field. This contains some neat info like solution, PCI references and web links. I can get that exporting to csv and then creating a lookup but maybe I'm missing something here?

I'm using Nessus 5.2.5

Many thanks

Costas

Tags (1)
0 Karma
Reply

Rebeccakettler
Path Finder
‎09-02-2016 11:37 AM

I added the .nessus file using the old method then I export the csv file then use the splunk spool to add it. Then I create a join to bring the .nessus results and the csv results togather. You have to join on multiple fields. It is a very costly search but it works since I deal with alot of data.

sourcetype=nessus
| rename dest as Host, signature_id as "Plugin ID, dest_ip as "Host_IP"
| join type=outer Host,"Plugin ID" [ search sourcetype=csv
| fields extracted_Host, "Plugin ID", "Plugin Output", Synopsis, Description, Solution, Protocol, "See Also"
| rename extracted_Host as Host ]
| table Host, "Host_IP", "Domain Name", etc...

Make sure you don't turn on use dns name in nessus because it will prevent you from using the IP as your primary key.

0 Karma
Reply

robert_bucko
New Member
‎03-02-2015 02:03 PM

any help?

It is very importent esspecialy for ..... Compliance Check where all points are the same plugin_id. Whitout filed name -> can not recognize which point are pass and which not

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Global Splunk User Group Events: May + June 2026

Your Splunk Community Awaits: Discover Upcoming User Group Events Worldwide    Staying ahead in the fast-paced ...