Re: Splunk Add-on for Nessus: How to Import Nessus...

Rebeccakettler · ‎07-13-2015

Hi

I set up the Splunk Add-on for Nessus, but I do not see any of the Solution or Plugin output data in the results. I need those for my reports. Has anyone accomplished this or know how to do it?

sspinner · ‎10-01-2015

Please take the below with a grain of salt. This solution appears to work, but I haven't extensively test it.

I just installed this add-on yesterday and ran into the same question. It turns out that the scripted input, nessus2splunk.py, parses the plugin_output tag in the source xml, but doesn't write it to the munged file that is sent to $SPLUNK_HOME/var/spool. The simple answer seems to be to edit the python script, $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/bin/nessus2splunk.py, and add the single line:

('plugin_output', 'Data', str),

just below line 339 making sure the indentation (using spaces not tabs) matches up with the surrounding lines. When you're done, a simple diff of the revised file with the original file gives:

diff revised.nessus2splunk.py nessus2splunk.py
340d339
<             ('plugin_output', 'Data', str),

rajbir1 · ‎11-09-2015

I tried this but it didn't work in my case.

Splunk Add-on for Nessus: How to Import Nessus Solution and Plugin Output data?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!