Hi,
I am trying to set up inputs on TA-Tenable add on and it fails with error "Argument validation for scheme=tenable_securitycenter: script running failed (killed by signal 9: Killed).". I installed "Tenable add-on for Splunk" version 3.1.0 on one of our heavy forwarder.
Anyone have any suggestions what could be wrong here?
try creating account and inputs from cli:
$SPLUNK_HOME/TA-tenable/local/ta_tenable_account.conf
[credentials]
address = tenable.comp.com
proxy_enabled = 0
tenable_account_type = tenable_securitycenter_api_keys
tenable_sc_access_key = <access_key>
tenable_sc_secret_key = <secret_key>
verify_ssl = 0
$SPLUNK_HOME/TA-tenable/local/inputs.conf
[tenable_securitycenter://Tenable_SC_Vulnerability]
fixed_vulnerability = 1
global_account = credentials
index = <your_index_name>
interval = 86400
start_time = 2022-01-03T00:00:00Z
sync_plugins = 1
disabled = 0
max_event_size = 67108864
page_size = 1000
Note: don't forget to change access_key,secret_key and your_index_name
This issue is usually due to latency issue with the network or HF. The workaround is to manually add the inputs by configuring the inputs.conf, passwords.conf, ta_tenable_account.conf and the ta_tenable_settings.conf files. The password will be hashed after Splunk is restarted.
If you are running on windows you may have to try a few times. We've found this to be extremely slow even on a clean install. Please feel free to open a support case with Tenable to help trackdown and resolve this.
I am running this on a Linux box 😞
Did you figure out the culprit, or how to increase the timeout?