All Apps and Add-ons
Highlighted

How do I ingest Nessus Compliance scan results

New Member

Splunk will ingest the scan reports but it only reports the plugin data not that actual compliance scans. The compliance scans can be exported in .nessus .html .csv formats but the App does not appear to recognize this. is this a limitation of the Nessus API?

using Nessus Pro 6.8.1

0 Karma
Highlighted

Re: How do I ingest Nessus Compliance scan results

Path Finder

We had that issue as well for the .nessus files and our Splunk consultant figured out how to make it work back in 2015. We have since moved away from the .nessus files and instead just use the API which is working well and no longer requires manual intervention. We are using this with Splulnk 6.4.2 and the Splunk Add-on for Nessus 4.0.0. We plan on upgrading to 5.0.0 soon.

We configured the Nessus Add-on with two inputs. Maybe you need to configure the nessusscan in addition to nessusplugin.

  • nessus_plugin
  • nessus_scan

We generated the two keys through the Nessus Pro GUI. We used the same keys for both inputs.
Settings, Account, click on the user, selected API Keys and then Generate.

  • Access Key
  • Secret Key

I hope this helps.