Solved: Re: Tenable Add-On for Splunk ins't loging into Se...

jscraig2006 · ‎06-19-2019

After installation and configuration of Tenable Add-On, It will only log in once into Security Center. If I restart Splunk or update the configuration, it will also log in once. But running on the scheduled interval, it does not.

OS: RHEL
Splunk 7.2
Tenanble.SC version 5.9.0
Tenable Add-On for Splunk version 2.0.1

looking at the ta_tenable_tenable_securitycenter.log appears to be working, but i do see a connection drop every 10 mins which is the set inverval.

2019-06-19 13:33:38,784 DEBUG pid=11942 tid=MainThread file=connectionpool.py:_make_request:400 | https://securitycenter.cloud.com:443 "POST /rest/analysis HTTP/1.1" 200 None

2019-06-19 13:51:28,339 DEBUG pid=11942 tid=MainThread file=connectionpool.py:_get_conn:247 | Resetting dropped connection: securitycenter.cloud.com

Any assistance is appreciated. Thanks in advance.

nkeuning · ‎06-19-2019

Please submit a support ticket to us with a copy of your full log so we can help identify what is going on.

View solution in original post

nkeuning · ‎06-19-2019

Please submit a support ticket to us with a copy of your full log so we can help identify what is going on.

jscraig2006 · ‎06-26-2019

It started working again which is a mystery. If it stops, i'll be sure to open a case.

Tenable Add-On for Splunk ins't loging into Security Center with interval

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI