All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Vulnerability scanning: Which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

byronrivers
Loves-to-Learn Lots
‎08-15-2023 01:56 PM

Hello, which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-16-2023 02:18 AM

HI @byronrivers,

are you speaking of scanning of Splunk vulnerabilities or scanning your systems and use reported vulterabilities on Splunk?

Anyway, in my company you use Tenable/Nessus with a large satisfaction, but you can use the most Vulnerability Assessment tools and import results in Splunk.

Ciao.

Giuseppe

0 Karma
Reply

byronrivers
Loves-to-Learn Lots
‎08-16-2023 01:02 PM

Hi @gcusello ,

Yes, a tool for scanning/reporting on Splunk and Splunk Add-ons vulnerabilities. We are already using Splunk to ingest vulnerability scan data from our scanning tool, but really we are looking to get vulnerability reports/scans ABOUT Splunk and Splunk add-ons itself. For example here is a vulnerability about Splunk itself (https://advisory.splunk.com/advisories/SVD-2023-0608 ). We are looking for a reporting or scanning tool that can report on Splunk and Splunk add-on vulnerabilities."



0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-17-2023 05:02 AM

Any relatively decent vulnerability scanner should give you proper reports about the base Splunk Enterprise platform and maybe the basic/most popular apps/add-ons. Including of course the big trio - Tenable/Qualys/Nexpose. But I wouldn't expect any scanner really to be able to find vulnerabilities in some very rarely used and completely unknown apps/add-ons which just about dozen people in the world use.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-16-2023 11:48 PM

Hi @byronrivers,

as I said, we use Tenable Nessus/SecurityCenter because we are Tenable partners and we knw very well these solutions (not me, only my colleagues!) so we integrated these solutions taking the scar results in Splunk and displaying them.

If you have SecurityCenter, there's an Add-On to take logs, if you have Nessus, you have to create a script that activate scanning and takes results in Splunk.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

There’s something special about this time of year—maybe it’s the glow of the holidays, maybe it’s the ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to ...

Announcing the Migration of the Splunk Add-on for Microsoft Azure Inputs to Officially Supported Splunk ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI! Discover how Splunk’s agentic AI ...