Can anyone give me an insight on how to make a Nessus plugin output available in Splunk? I would like to make a dashboard for expiring SSL certificates based on the Nessus scanned results.
I tried to use Nessus plugin "SSL Certificate Expiry - Future Expiry = Plugin ID 42981". The events in Splunk do not include the plugin's output.
Nessus plugin output should look like below:
Output
The SSL certificate will expire within 60 days, at
Apr 12 12:48:49 2018 GMT :
Subject : CN=test.websitename.com
Issuer : CN=test.websitename.com
Not valid before : Oct 19 12:48:49 2017 GMT
Not valid after : Apr 12 12:48:49 2018 GMT
Many thanks in advance.
Add parameter --pluginoutput True to your local/inputs.conf
[script://./bin/nessus2splunk.py --pluginoutput True ]
By default Nessus2Splunk.py is not indexing plugin_output
(bin/nessus2splunk.py)
parser.add_argument('-p', '--pluginoutput',
                    dest='pluginoutput',
                    type=bool,
                    action='store',
                    help='If need to index the plugin_output element',
                    default=False)
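Added example, not part of the thread and not code from nessus2splunk.py: once plugin_output is available, the expiry date for plugin 42981 can be pulled out of the text shown in the question and turned into a key=value event with a numeric days_left field for a dashboard. It assumes the .nessus v2 XML export layout; the sample document, the function names and the output field names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed .nessus (v2 XML) sample; certificate values are the ones quoted in the question.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
<ReportHost name="test.websitename.com">
<ReportItem port="443" protocol="tcp" pluginID="42981">
<plugin_output>
The SSL certificate will expire within 60 days, at
Apr 12 12:48:49 2018 GMT :

Subject          : CN=test.websitename.com
Issuer           : CN=test.websitename.com
Not valid before : Oct 19 12:48:49 2017 GMT
Not valid after  : Apr 12 12:48:49 2018 GMT
</plugin_output></ReportItem>
<ReportItem port="22" protocol="tcp" pluginID="0"/>
</ReportHost></Report></NessusClientData_v2>"""

LABELS = {"Subject": "subject", "Issuer": "issuer",
          "Not valid before": "not_before", "Not valid after": "not_after"}

def parse_cert_output(text):
    """Map the 'Label : value' lines of plugin 42981 output to a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep and label.strip() in LABELS:
            fields[LABELS[label.strip()]] = value.strip()
    return fields

def expiry_events(nessus_xml, now):
    """Return one key=value event string per certificate-expiry finding."""
    events = []
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            cert = parse_cert_output(item.findtext("plugin_output") or "")
            if item.get("pluginID") != "42981" or "not_after" not in cert:
                continue  # other plugin, or plugin output missing from the export
            expires = datetime.strptime(cert["not_after"], "%b %d %H:%M:%S %Y GMT")
            days_left = (expires.replace(tzinfo=timezone.utc) - now).days
            events.append(f'host="{host.get("name")}" port={item.get("port")} '
                          f'plugin_id=42981 subject="{cert.get("subject", "")}" '
                          f'not_after="{expires:%Y-%m-%dT%H:%M:%SZ}" days_left={days_left}')
    return events

if __name__ == "__main__":
    for event in expiry_events(SAMPLE, datetime.now(timezone.utc)):
        print(event)
```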
I'm also having this problem. There are several fields including Synopsis, Description, Solution, See Also, and Plugin Output that I would like for Splunk to index. Please let me know if you came up with any solution.