Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- What is the difference between Splunk Add-on for T...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is the difference between Splunk Add-on for Tenable vs. Tenable Add-on for Splunk
I am recently trying to ingest data from Tenable to our Splunk environment. I noticed there are 2 add-ons available. I first used Tenable Add-on for Splunk and didn't have much issues. However, I noticed there was a Splunk add-on for Tenable. What's the difference between the 2?
Also, did anyone experience reports missing from Tenable SC after configuring the Splunk Tenable App? My IA team mentioned they no longer see their reports after I started ingesting the reports to Splunk.
Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are comparing the two, by looking at events, and comparing them. The Tenable add-on for Splunk seems to add a lot more data fields, specific to the discovered vulnerability. But the Splunk Add-on for Tenable seems to give more data on the host with the vulnerability.
Our next step is to run both, and compare an identical event record in both plugins.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you ever come to a conclusion on this?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @rsanders30,
I used the "Splunk Add-on for Tenable" some time ago. I'm not sure the "Tenable Add-On for Splunk" existed back then.
What we can tell from splunkbase is that the Tenable Add-On for Splunk is authored by Tenable. (I didn't verify.)
The Splunk Add-on for Tenable is authored by Splunk.
You can see that on Spunkbase under "BUILD BY".
Also, it appears that the "Tenable Add-On for Splunk" was recently updated on Oct. 30, 2018.
However, the "Splunk Add-on for Tenable" was last updated on May 10, 2018.
Given that the "Tenable Add-On for Splunk" appears to be directly from Tenable and that it was recently updated, I suggest you use this one.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
Network to App: Observability Unlocked [May & June Series]
