All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Vulnerability scanning: Which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

byronrivers
Loves-to-Learn Lots
‎08-15-2023 01:56 PM

Hello, which scanning tool would you recommend to report on Splunk add-on vulnerabilities?

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-16-2023 02:18 AM

HI @byronrivers,

are you speaking of scanning of Splunk vulnerabilities or scanning your systems and use reported vulterabilities on Splunk?

Anyway, in my company you use Tenable/Nessus with a large satisfaction, but you can use the most Vulnerability Assessment tools and import results in Splunk.

Ciao.

Giuseppe

0 Karma
Reply

byronrivers
Loves-to-Learn Lots
‎08-16-2023 01:02 PM

Hi @gcusello ,

Yes, a tool for scanning/reporting on Splunk and Splunk Add-ons vulnerabilities. We are already using Splunk to ingest vulnerability scan data from our scanning tool, but really we are looking to get vulnerability reports/scans ABOUT Splunk and Splunk add-ons itself. For example here is a vulnerability about Splunk itself (https://advisory.splunk.com/advisories/SVD-2023-0608 ). We are looking for a reporting or scanning tool that can report on Splunk and Splunk add-on vulnerabilities."



0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎08-17-2023 05:02 AM

Any relatively decent vulnerability scanner should give you proper reports about the base Splunk Enterprise platform and maybe the basic/most popular apps/add-ons. Including of course the big trio - Tenable/Qualys/Nexpose. But I wouldn't expect any scanner really to be able to find vulnerabilities in some very rarely used and completely unknown apps/add-ons which just about dozen people in the world use.

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-16-2023 11:48 PM

Hi @byronrivers,

as I said, we use Tenable Nessus/SecurityCenter because we are Tenable partners and we knw very well these solutions (not me, only my colleagues!) so we integrated these solutions taking the scar results in Splunk and displaying them.

If you have SecurityCenter, there's an Add-On to take logs, if you have Nessus, you have to create a script that activate scanning and takes results in Splunk.

Ciao.

Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

CX Day is Coming!

Customer Experience (CX) Day is on October 7th!! We're so excited to bring back another day full of wonderful ...

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

The Big One: Splunk 10 is Here!  The moment many of you have been waiting for has arrived! We are thrilled to ...

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Today, we’re excited to announce the release of a brand new AI assistant usage dashboard in Cloud Monitoring ...