All Apps and Add-ons

Splunk Add-on for Tenable: How to troubleshoot why I am not getting any search results for sourcetype=nessus:plugin?

himapate
Explorer

Hi ,

I am not able to get the Nessus scan data ( Only informational Events ), whereas the Nessus result has medium and high count.
Also, when I search for sourcetype=nessus:plugin, there is no result popping up.

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi himapate,

Are you sure you have collected data of the nessus:plugin sourcetype? The add-on supports four nessus/tennable source types; make sure you are using the right source type.

Thanks!

0 Karma

himapate
Explorer

Yes i am collecting for the nessus sourcetype below is the stanza for the same in inputs.conf

[nessus://NessusPlugin]
metric = nessus_plugin
interval = 84600
url = https://:8834
access_key = 
secret_key =
start_date = 2016/01/01
page_size = 1000
index = nessus
batch_size = 0
start_by_shell = false
0 Karma

himapate
Explorer

Managed to get all the scan data but plugin issue remains the same

0 Karma
Get Updates on the Splunk Community!

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

 WATCH NOW Powering your capabilities has never been so easy with ready-made Splunk® SOAR Utility Apps. Parse ...

DevSecOps: Why You Should Care and How To Get Started

 WATCH NOW In this Tech Talk we will talk about what people mean by DevSecOps and deep dive into the different ...