The Splunk Add-on for Nessus config job runs, but why does it never connect or attempt to log in to SecurityCenter?

cudgel
Path Finder

I am using SecurityCenter 5.4 (upgraded from 4.x specifically to get compatibility with this Splunk Add-on for Nessus). All of the configurations from the documentation have been applied correctly, but the TA never connects to SecurityCenter - no login attempts in the SecurityCenter logs. The following messages repeat at whatever interval is set:

2016-08-08 13:09:46,969 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=187 | End Tenable task
2016-08-08 13:09:46,968 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_config.py, func_name=_generate_task_configs, code_line_no=78 | Totally generated 1 task configs
2016-08-08 13:09:44,302 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=180 | Start Tenable task
0 Karma
1 Solution

rwang_splunk
Splunk Employee

Hi Cudgel

See http://docs.splunk.com/Documentation/AddOns/released/Nessus/Description
I think Splunk Add-on for Tenable can support Security Center 5.3.x. But it doesn't support Security Center 5.4 since the set-cookie format is changed in 5.4.

cudgel
Path Finder

That is unfortunate since the appliance does not really give you a granular upgrade option.

I hope the version support will be expanded to the latest versions of SecurityCenter - Tenable is fairly aggressive about pushing their customers to keep up-to-date.

0 Karma

rwang_splunk
Splunk Employee

Hi again Cudgel.
Thanks for your considerations. I'll pass the requirement to PMs.

0 Karma

cudgel
Path Finder

I have verified that the connection from the Splunk host to SecurityCenter is open - I previously used a custom Python script to collect vulnerability data from the same host so I can verify the account Splunk uses to connect to the API has the right role.

0 Karma