All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

The Splunk Add-on for Nessus config job runs, but why does it never connect or attempt to log in to SecurityCenter?

cudgel
Path Finder
‎08-08-2016 06:14 AM

I am using SecurityCenter 5.4 (upgraded from 4.x specifically to get compatibility with this Splunk Add-on for Nessus). All of the configurations from the documentation have been applied correctly, but the TA never connects to SecurityCenter - no login attempts in the SecurityCenter logs. The following messages repeat at whatever the interval is set at:

2016-08-08 13:09:46,969 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=187 | End Tenable task
2016-08-08 13:09:46,968 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_config.py, func_name=_generate_task_configs, code_line_no=78 | Totally generated 1 task configs
2016-08-08 13:09:44,302 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=180 | Start Tenable task
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rwang_splunk
Splunk Employee
Splunk Employee
‎08-08-2016 06:28 PM

Hi Cudgel

See http://docs.splunk.com/Documentation/AddOns/released/Nessus/Description
I think Splunk Add-on for Tenable can support Security Center 5.3.x. But it doesn't support Security Center 5.4 since the set-cookie format is changed in 5.4.

View solution in original post

Reply
Solved! Jump to solution
Solution

rwang_splunk
Splunk Employee
Splunk Employee
‎08-08-2016 06:28 PM

Hi Cudgel

See http://docs.splunk.com/Documentation/AddOns/released/Nessus/Description
I think Splunk Add-on for Tenable can support Security Center 5.3.x. But it doesn't support Security Center 5.4 since the set-cookie format is changed in 5.4.

Reply
Solved! Jump to solution

cudgel
Path Finder
‎08-09-2016 04:33 AM

That is unfortunate since the appliance does not really give you a granular upgrade option.

I hope the version support will be expanded to the latest versions of SecurityCenter - Tenable is fairly aggressive about pushing their customers to keep up-to-date.

0 Karma
Reply
Solved! Jump to solution

rwang_splunk
Splunk Employee
Splunk Employee
‎08-09-2016 08:41 PM

Hi again Cudgel.
Thanks for your considerations. I'll pass the requirement to PMs.

0 Karma
Reply
Solved! Jump to solution

cudgel
Path Finder
‎08-08-2016 07:55 AM

I have verified that the connection from the Splunk host to SecurityCenter is open - I previously used a custom python script to collect vulnerability data from the same host so I can verify the account Splunk uses to connect to the API has the right role.

0 Karma
Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top