
Splunk Add-on for Nessus: How can I retrieve scan results?


I have set up the Nessus add-on and Splunk appears to be retrieving data via the API, but the scans do not seem to provide any useful information. How can I have Splunk retrieve the actual results from the scan? This is with Nessus Pro 6.5.4 and Splunk 6.3.1.

Here is an example of one of the scans that appears when I search for sourcetype="nessus:scan":

control:  true 
count:  47 
edit_allowed:  true 
folder_id:  846 
hasaudittrail:  true 
haskb:  true 
host-fqdn:  rnxxxxx
host-ip:  10.xx.xx.xx
host_end:  Mon Feb 01 13:43:07 2016 
host_id:  2 
host_start:  Mon Feb 01 13:42:19 2016 
hostcount:  1 
hostname:  rnxxxxx
name:  Policy Audit Testing 
netbios-name:  RNxxxx
object_id:  1007 
pci-can-upload:  false 
plugin_family:  Port scanners 
plugin_id:  34220 
plugin_name:  Netstat Portscanner (WMI) 
policy:  QA - Win10 Audit Policy 
scan_end:  1454352190 
scan_start:  1454352139 
scan_type:  local 
scanner_end:  1454352187 
scanner_name:  Local Scanner 
scanner_start:  1454352139 
severity:  0 
severity_index:  1 
sid:  1007 
status:  completed 
targets:  RNxxxxx
timestamp:  1454352190 
user_permissions:  128 
uuid:  66dc112c-83cc-fb92-746d-1f13b987192fdab3db0239ddc279 
vuln_index:  2 


Hi jpolcari,

I had the same issue and changed to another app: This app downloads the data in JSON format with the full information we need. Try installing it.

Hope this helps.

0 Karma


If you ever found an answer to this, I'd be interested as well. I have Nessus 6.5.5 and Splunk 6.3.3 and I am getting scan data, but something seems missing. The data contains information on the hosts, plugins, etc., as above, but there is very little information on the results of those scans, like open ports, TLS versions...

0 Karma


Unfortunately, I have not found an answer to this yet. If I do, I'll be sure to share.

0 Karma