All Apps and Add-ons

Unable to Add Tenable.io Account in Tenable Add-on for Splunk Configuration Screen

sdemoss
Explorer

We have installed the Tenable Add-on for Splunk to our HF as prescribed by the TA documentation. The necessary account on the Teanble side has been created and the API key pieces successfully generated. We have been able to validate this API key using various curl commands as well as testing the API endpoints through developer.tenable.com.

However, when we attempt to configure the Tenable.io account inside of this TA, we are consistently given the "Please enter valid Address or configure valid proxy settings or verify SSL certificate." error message. There is no proxy in use here (again, the programatic API calls from the CLI all return valid results for various endpoints).

Has anyone else encountered and successfully resolved this issue? My gut tells me that if I could successfully create a valid config file (ta_tenable_settings.conf?) that stores the API keys and account details (typically populated by the Web UI for the add-on), that this would all work just fine. However, I do not have an example of a valid configuration file that stores the details of the Tenable.io account.

Thanks in advance!

0 Karma
1 Solution

sdemoss
Explorer

I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂
Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data.

I did not further troubleshoot the issue with TA's web UI for creating an account.

To summarize, if you are receiving this error, do the following as a suitable workaround:
1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory
2. Rename the file to remove the ".spec" suffix from the filename
3. Edit the file accordingly. A sample, valid configuration file looks like this:

[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere

Restart Splunk, open the Tenable TA and Create a Tenable.io input and you should be off and running.

View solution in original post

sdemoss
Explorer

I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂
Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data.

I did not further troubleshoot the issue with TA's web UI for creating an account.

To summarize, if you are receiving this error, do the following as a suitable workaround:
1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory
2. Rename the file to remove the ".spec" suffix from the filename
3. Edit the file accordingly. A sample, valid configuration file looks like this:

[myTenableIOAccountName]
tenable_account_type = tenable_io
address = cloud.tenable.com
verify_ssl = 0
access_key = pasteYourApiAccessKeyHere
secret_key = pasteYourApiSecretKeyHere

Restart Splunk, open the Tenable TA and Create a Tenable.io input and you should be off and running.

Get Updates on the Splunk Community!

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...