All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Vulnerabilities number in splunk not matching vulnerabilities in Tenable for same ip(Machine)

AFerns08
Engager
‎02-09-2020 02:20 PM

Hi,
we just ran a scan on a network and found some vulnerabilities in tenable for one particular machine(ipv4).

lets say 10 vulnerabilities were discovered on the tenable app but when i was checking splunk, i could only see 8 vulnerabilities in splunk. 2 events(vulnerabilities) were missing in splunk for the same machine.

We have the Tenable App for Splunk installed on our splunk search head.
Is this a truncation issue? below are the config from transforms.conf
[tenable:nnm:vuln]
DATETIME_CONFIG = CURRENT
EVAL-vendor_product = "Tenable xxx"
EVAL-product = "xxx"
EVAL-vendor = "Tenable"
TRUNCATE = 68000000
SHOULD_LINEMERGE = 0

0 Karma
Reply

nkeuning
Communicator
‎02-10-2020 05:33 PM

Please open a case with support.tenable.com and we can help track this down.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...
Top