All Apps and Add-ons

Vulnerability scanning: Which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

byronrivers
Loves-to-Learn Lots

Hello, which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

Labels (1)
0 Karma

gcusello
SplunkTrust
SplunkTrust

HI @byronrivers,

are you speaking of scanning of Splunk vulnerabilities or scanning your systems and use reported vulterabilities on Splunk?

Anyway, in my company you use Tenable/Nessus with a large satisfaction, but you can use the most Vulnerability Assessment tools and import results in Splunk.

Ciao.

Giuseppe

0 Karma

byronrivers
Loves-to-Learn Lots

Hi @gcusello ,

Yes, a tool for scanning/reporting on Splunk and Splunk Add-ons vulnerabilities. We are already using Splunk to ingest vulnerability scan data from our scanning tool, but really we are looking to get vulnerability reports/scans ABOUT Splunk and Splunk add-ons itself. For example here is a vulnerability about Splunk itself (https://advisory.splunk.com/advisories/SVD-2023-0608 ). We are looking for a reporting or scanning tool that can report on Splunk and Splunk add-on vulnerabilities."



0 Karma

PickleRick
SplunkTrust
SplunkTrust

Any relatively decent vulnerability scanner should give you proper reports about the base Splunk Enterprise platform and maybe the basic/most popular apps/add-ons. Including of course the big trio - Tenable/Qualys/Nexpose. But I wouldn't expect any scanner really to be able to find vulnerabilities in some very rarely used and completely unknown apps/add-ons which just about dozen people in the world use.

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @byronrivers,

as I said, we use Tenable Nessus/SecurityCenter because we are Tenable partners and we knw very well these solutions (not me, only my colleagues!) so we integrated these solutions taking the scar results in Splunk and displaying them.

If you have SecurityCenter, there's an Add-On to take logs, if you have Nessus, you have to create a script that activate scanning and takes results in Splunk.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...