How to import Nessus reports and see results

evang_26
Communicator

Hello users,

I recently installed the Splunk Add-on for Nessus, hoping that it would be easy to somehow upload reports (even automatically) to compare results, etc.

However, it seems that I cannot find how to do it.

Could you please help me a bit?

Kind regards,
Evangelos

1 Solution

jcoates_splunk
Splunk Employee

Digging this one out of the archives...

  1. Configure Nessus or Tenable Security Center to export XML reports into a spool directory.
  2. Point the add-on for Nessus at this directory. It will parse the reports into Splunk-friendly data.
  3. You may also want to configure the directory where the add-on for Nessus will output the data; the default is the local Splunk input spool.

0 Karma

lvsteche
New Member

With the default settings, the Nessus report files must be placed in the $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/spool directory. The report files must be exported to the "dot nessus" XML format and have a file extension of .nessus.

0 Karma
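
A pre-check for the requirement in lvsteche's answer above, added here as an example (not code from the thread or from the add-on): it confirms an export has the `.nessus` extension and an XML root of `NessusClientData_v2` before copying it into the spool directory. The `/opt/splunk` fallback, the `.part` temporary suffix and the function names are assumptions; the sample files are constructed.

```python
import os
import shutil
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Default spool path from the answer above; the /opt/splunk fallback is an assumption.
SPOOL = Path(os.environ.get("SPLUNK_HOME", "/opt/splunk")) / "etc/apps/Splunk_TA_nessus/spool"

def is_nessus_v2(path):
    """True if the file ends in .nessus and its XML root element is NessusClientData_v2."""
    path = Path(path)
    if path.suffix != ".nessus":
        return False
    try:
        with open(path, "rb") as fh:
            # Stop at the first start tag so a large report is not parsed in full.
            for _event, elem in ET.iterparse(fh, events=("start",)):
                return elem.tag == "NessusClientData_v2"
    except (ET.ParseError, OSError):
        return False
    return False

def stage_report(src, spool=SPOOL):
    """Copy a validated report into the spool; return the destination path or None."""
    src, spool = Path(src), Path(spool)
    if not is_nessus_v2(src):
        return None
    tmp = spool / (src.name + ".part")  # hypothetical temporary suffix
    shutil.copyfile(src, tmp)
    # Rename only after the copy completes, so no partial file appears as *.nessus.
    os.replace(tmp, spool / src.name)
    return spool / src.name

def demo():
    """Run against constructed sample exports in a throwaway directory."""
    work = Path(tempfile.mkdtemp())
    spool = work / "spool"
    spool.mkdir()
    samples = {  # constructed inputs, not real scan data
        "scan.nessus": b'<?xml version="1.0"?><NessusClientData_v2><Report name="demo"/></NessusClientData_v2>',
        "scan.xml": b'<?xml version="1.0"?><NessusClientData_v2/>',
        "report.nessus": b"<html><body>HTML export renamed by hand</body></html>",
    }
    results = {}
    for name, body in samples.items():
        (work / name).write_bytes(body)
        results[name] = stage_report(work / name, spool) is not None
    return results, sorted(p.name for p in spool.iterdir())
```

Only `scan.nessus` is staged: `scan.xml` has the right content but the wrong extension, and `report.nessus` has the right extension but is not dot-nessus XML.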

bachube
New Member

You need to use a forwarder.

0 Karma

evang_26
Communicator

So, none of you have any clue regarding this question?

Regards,
Evangelos

0 Karma