All Apps and Add-ons

Vulnerabilities number in splunk not matching vulnerabilities in Tenable for same ip(Machine)

AFerns08
Engager

Hi,
we just ran a scan on a network and found some vulnerabilities in tenable for one particular machine(ipv4).

lets say 10 vulnerabilities were discovered on the tenable app but when i was checking splunk, i could only see 8 vulnerabilities in splunk. 2 events(vulnerabilities) were missing in splunk for the same machine.

We have the Tenable App for Splunk installed on our splunk search head.
Is this a truncation issue? below are the config from transforms.conf
[tenable:nnm:vuln]
DATETIME_CONFIG = CURRENT
EVAL-vendor_product = "Tenable xxx"
EVAL-product = "xxx"
EVAL-vendor = "Tenable"
TRUNCATE = 68000000
SHOULD_LINEMERGE = 0

0 Karma

nkeuning
Communicator

Please open a case with support.tenable.com and we can help track this down.

0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...