Solved: Re: Tenable Add-On for Splunk ins't loging into Se...

jscraig2006 · ‎06-19-2019

After installation and configuration of Tenable Add-On, It will only log in once into Security Center. If I restart Splunk or update the configuration, it will also log in once. But running on the scheduled interval, it does not.

OS: RHEL
Splunk 7.2
Tenanble.SC version 5.9.0
Tenable Add-On for Splunk version 2.0.1

looking at the ta_tenable_tenable_securitycenter.log appears to be working, but i do see a connection drop every 10 mins which is the set inverval.

2019-06-19 13:33:38,784 DEBUG pid=11942 tid=MainThread file=connectionpool.py:_make_request:400 | https://securitycenter.cloud.com:443 "POST /rest/analysis HTTP/1.1" 200 None

2019-06-19 13:51:28,339 DEBUG pid=11942 tid=MainThread file=connectionpool.py:_get_conn:247 | Resetting dropped connection: securitycenter.cloud.com

Any assistance is appreciated. Thanks in advance.

nkeuning · ‎06-19-2019

Please submit a support ticket to us with a copy of your full log so we can help identify what is going on.

View solution in original post

nkeuning · ‎06-19-2019

Please submit a support ticket to us with a copy of your full log so we can help identify what is going on.

jscraig2006 · ‎06-26-2019

It started working again which is a mystery. If it stops, i'll be sure to open a case.

Tenable Add-On for Splunk ins't loging into Security Center with interval

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms