Hello, which scanning tool would you recommend to report on Splunk add-on vulnerabilities?
HI @byronrivers,
are you speaking of scanning of Splunk vulnerabilities or scanning your systems and use reported vulterabilities on Splunk?
Anyway, in my company you use Tenable/Nessus with a large satisfaction, but you can use the most Vulnerability Assessment tools and import results in Splunk.
Ciao.
Giuseppe
Hi @gcusello ,
Any relatively decent vulnerability scanner should give you proper reports about the base Splunk Enterprise platform and maybe the basic/most popular apps/add-ons. Including of course the big trio - Tenable/Qualys/Nexpose. But I wouldn't expect any scanner really to be able to find vulnerabilities in some very rarely used and completely unknown apps/add-ons which just about dozen people in the world use.
Hi @byronrivers,
as I said, we use Tenable Nessus/SecurityCenter because we are Tenable partners and we knw very well these solutions (not me, only my colleagues!) so we integrated these solutions taking the scar results in Splunk and displaying them.
If you have SecurityCenter, there's an Add-On to take logs, if you have Nessus, you have to create a script that activate scanning and takes results in Splunk.
Ciao.
Giuseppe