
The Splunk Add-on for Nessus config job runs, but why does it never connect or attempt to log in to SecurityCenter?

Path Finder

I am using SecurityCenter 5.4 (upgraded from 4.x specifically to get compatibility with this Splunk Add-on for Nessus). All of the configurations from the documentation have been applied correctly, but the TA never connects to SecurityCenter - no login attempts in the SecurityCenter logs. The following messages repeat at whatever interval is set:

2016-08-08 13:09:46,969 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=187 | End Tenable task
2016-08-08 13:09:46,968 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_config.py, func_name=_generate_task_configs, code_line_no=78 | Totally generated 1 task configs
2016-08-08 13:09:44,302 +0000 log_level=INFO, pid=18721, tid=MainThread, file=ta_mod_input.py, func_name=main, code_line_no=180 | Start Tenable task
0 Karma
1 Solution

Splunk Employee

Hi Cudgel

See http://docs.splunk.com/Documentation/AddOns/released/Nessus/Description
I think the Splunk Add-on for Tenable can support Security Center 5.3.x, but it doesn't support Security Center 5.4 since the set-cookie format was changed in 5.4.


Path Finder

That is unfortunate since the appliance does not really give you a granular upgrade option.

I hope the version support will be expanded to the latest versions of SecurityCenter - Tenable is fairly aggressive about pushing their customers to keep up-to-date.

0 Karma

Splunk Employee

Hi again Cudgel.
Thanks for your consideration. I'll pass the requirement on to the PMs.

0 Karma

Path Finder

I have verified that the connection from the Splunk host to SecurityCenter is open. I previously used a custom Python script to collect vulnerability data from the same host, so I can verify the account Splunk uses to connect to the API has the right role.

0 Karma