Splunk Add-on for Tenable: How to troubleshoot why I am not getting any search results for sourcetype=nessus:plugin?

himapate
Explorer

Hi,

I am not able to get the Nessus scan data (only informational events), whereas the Nessus result has medium and high counts.
Also, when I search for sourcetype=nessus:plugin, there is no result popping up.

0 Karma

hunters_splunk
Splunk Employee

Hi himapate,

Are you sure you have collected data of the nessus:plugin sourcetype? The add-on supports four Nessus/Tenable source types; make sure you are using the right source type.

Thanks!

0 Karma

himapate
Explorer

Yes, I am collecting for the nessus sourcetype. Below is the stanza for the same in inputs.conf:

[nessus://NessusPlugin]
metric = nessus_plugin
interval = 84600
url = https://:8834
access_key = 
secret_key =
start_date = 2016/01/01
page_size = 1000
index = nessus
batch_size = 0
start_by_shell = false

0 Karma

himapate
Explorer

Managed to get all the scan data, but the plugin issue remains the same.

0 Karma