- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have installed the Tenable Add-on for Splunk to our HF as prescribed by the TA documentation. The necessary account on the Teanble side has been created and the API key pieces successfully generated. We have been able to validate this API key using various curl commands as well as testing the API endpoints through developer.tenable.com.
However, when we attempt to configure the Tenable.io account inside of this TA, we are consistently given the "Please enter valid Address or configure valid proxy settings or verify SSL certificate." error message. There is no proxy in use here (again, the programatic API calls from the CLI all return valid results for various endpoints).
Has anyone else encountered and successfully resolved this issue? My gut tells me that if I could successfully create a valid config file (ta_tenable_settings.conf?) that stores the API keys and account details (typically populated by the Web UI for the add-on), that this would all work just fine. However, I do not have an example of a valid configuration file that stores the details of the Tenable.io account.
Thanks in advance!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂
Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data.
I did not further troubleshoot the issue with TA's web UI for creating an account.
To summarize, if you are receiving this error, do the following as a suitable workaround:
1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory
2. Rename the file to remove the ".spec" suffix from the filename
3. Edit the file accordingly. A sample, valid configuration file looks like this:
[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere
Restart Splunk, open the Tenable TA and Create a Tenable.io input and you should be off and running.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂
Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data.
I did not further troubleshoot the issue with TA's web UI for creating an account.
To summarize, if you are receiving this error, do the following as a suitable workaround:
1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory
2. Rename the file to remove the ".spec" suffix from the filename
3. Edit the file accordingly. A sample, valid configuration file looks like this:
[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere
Restart Splunk, open the Tenable TA and Create a Tenable.io input and you should be off and running.
