All Apps and Add-ons

How to make the Nessus plugin output available in Splunk events?

nagapakatuta
Engager

Can anyone give me an insight on how to make a Nessus plugin output available in Splunk? I would like to make a dashboard for expiring SSL certificates based on the Nessus scanned results.

I tried to use Nessus plugin "SSL Certificate Expiry - Future Expiry = Plugin ID 42981". The events in Splunk do not include the plugin's output.

Nessus plugin output should like below:
Output
The SSL certificate will expire within 60 days, at
Apr 12 12:48:49 2018 GMT :
Subject : CN=test.websitename.com
Issuer : CN=test.websitename.com
Not valid before : Oct 19 12:48:49 2017 GMT
Not valid after : Apr 12 12:48:49 2018 GMT

Many thanks in advance.

kukoo23
Engager

Add parameter --pluginoutput True to your local/input.conf

[script://./bin/nessus2splunk.py --pluginoutput True ]

By default Nessus2Splunk.py is not indexing plugin_output

(bin/nessus2plunk.py)
parser.add_argument('-p', '--pluginoutput',
dest='pluginoutput',
type=bool,
action='store',
help='If need to index the plugin_output element',
default=False)

0 Karma

cnestrud
Explorer

I'm also having this problem. There are several fields including Synopsis, Description, Solution, See Also, and Plugin Output that I would like for Splunk to index. Please let me know if you came up with any solution.

0 Karma
Get Updates on the Splunk Community!

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

At Splunk Education, we’re dedicated to providing top-tier learning experiences that cater to every skill ...

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Hey, Splunk Community! Ready to take your data management skills to the next level? Join us for a 3-part ...

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

In today's digital financial ecosystem, security teams face an unprecedented challenge. The sheer volume of ...