Unable to Add Tenable.io Account in Tenable Add-on for Splunk Configuration Screen

sdemoss
Explorer

We have installed the Tenable Add-on for Splunk to our HF as prescribed by the TA documentation. The necessary account on the Tenable side has been created and the API key pieces successfully generated. We have been able to validate this API key using various curl commands as well as testing the API endpoints through developer.tenable.com.

However, when we attempt to configure the Tenable.io account inside of this TA, we are consistently given the "Please enter valid Address or configure valid proxy settings or verify SSL certificate." error message. There is no proxy in use here (again, the programmatic API calls from the CLI all return valid results for various endpoints).

Has anyone else encountered and successfully resolved this issue? My gut tells me that if I could successfully create a valid config file (ta_tenable_settings.conf?) that stores the API keys and account details (typically populated by the Web UI for the add-on), that this would all work just fine. However, I do not have an example of a valid configuration file that stores the details of the Tenable.io account.

Thanks in advance!

0 Karma
1 Solution

sdemoss
Explorer

I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂
Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data.

I did not further troubleshoot the issue with TA's web UI for creating an account.

To summarize, if you are receiving this error, do the following as a suitable workaround:
1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory
2. Rename the file to remove the ".spec" suffix from the filename
3. Edit the file accordingly. A sample, valid configuration file looks like this:

[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere

Restart Splunk, open the Tenable TA and create a Tenable.io input, and you should be off and running.
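A check a defender could run over the file this workaround creates, added here as an example and not part of the original post or the add-on's own code: it flags account stanzas with verify_ssl turned off and cleartext API keys sitting in a file readable beyond its owner. Reading 0 as "certificate verification disabled", the function names and the second stanza are assumptions; all sample values are constructed.

```python
import configparser
import os
import stat
import tempfile

# Assumption: these values of verify_ssl turn certificate verification off.
FALSY = {"0", "false", "f", "no", "n", "off"}
SECRET_KEYS = ("access_key", "secret_key")

def audit_account_conf(path):
    """Return (stanza, finding) tuples for one ta_tenable_account.conf file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read(path, encoding="utf-8")
    for stanza in parser.sections():
        acct = parser[stanza]
        if acct.get("verify_ssl", "").strip().lower() in FALSY:
            findings.append((stanza, "verify_ssl disabled"))
        # Keys stored in clear text are only as private as the file itself.
        has_secret = any(acct.get(k, "").strip() for k in SECRET_KEYS)
        if has_secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append((stanza, "cleartext API keys in file with mode %04o" % mode))
    return findings

# Constructed sample: the stanza from the post plus a hypothetical second
# stanza that leaves verification on.
SAMPLE = """\
[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere

[hardenedExample]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 1
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere
"""

def demo():
    """Audit the sample once world-readable (0644) and once owner-only (0600)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "ta_tenable_account.conf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        loose = audit_account_conf(path)
        os.chmod(path, 0o600)
        tight = audit_account_conf(path)
    return loose, tight
```

Point `audit_account_conf` at the copy in the TA's local directory; tightening the file mode clears the key finding, while the verify_ssl finding stays until the setting itself is changed.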
