
Splunk Add-on for Nessus: How can I retrieve scan results?


I have set up the Nessus add-on and Splunk appears to be retrieving data via the API, but the scans do not seem to provide any useful information. How can I have Splunk retrieve the actual results from the scan? This is with Nessus Pro 6.5.4 and Splunk 6.3.1.

Here is an example of one of the scans that appears when I search for sourcetype="nessus:scan":

control:  true 
count:  47 
edit_allowed:  true 
folder_id:  846 
hasaudittrail:  true 
haskb:  true 
host-fqdn:  rnxxxxx
host-ip:  10.xx.xx.xx
host_end:  Mon Feb 01 13:43:07 2016 
host_id:  2 
host_start:  Mon Feb 01 13:42:19 2016 
hostcount:  1 
hostname:  rnxxxxx
name:  Policy Audit Testing 
netbios-name:  RNxxxx
object_id:  1007 
pci-can-upload:  false 
plugin_family:  Port scanners 
plugin_id:  34220 
plugin_name:  Netstat Portscanner (WMI) 
policy:  QA - Win10 Audit Policy 
scan_end:  1454352190 
scan_start:  1454352139 
scan_type:  local 
scanner_end:  1454352187 
scanner_name:  Local Scanner 
scanner_start:  1454352139 
severity:  0 
severity_index:  1 
sid:  1007 
status:  completed 
targets:  RNxxxxx
timestamp:  1454352190 
user_permissions:  128 
uuid:  66dc112c-83cc-fb92-746d-1f13b987192fdab3db0239ddc279 
vuln_index:  2 


Hi jpolcari,

I had the same issue and changed for another app: This app downloads the data in JSON format with the full information we need. Try installing it.

Hope this helps.


If you ever found an answer to this I'd be interested as well. I have Nessus 6.5.5 and Splunk 6.3.3 and I am getting scan data, but something seems missing. The data contains information on the hosts, plugins, etc., as above, but there is very little information on the results of those scans, like open ports, TLS versions...



Unfortunately, I have not found an answer to this yet. If I do, I'll be sure to share.
