I am recently trying to ingest data from Tenable to our Splunk environment. I noticed there are 2 add-ons available. I first used Tenable Add-on for Splunk and didn't have much issues. However, I noticed there was a Splunk add-on for Tenable. What's the difference between the 2?
Also, did anyone experience reports missing from Tenable SC after configuring the Splunk Tenable App? My IA team mentioned they no longer see their reports after I started ingesting the reports to Splunk.
We are comparing the two, by looking at events, and comparing them. The Tenable add-on for Splunk seems to add a lot more data fields, specific to the discovered vulnerability. But the Splunk Add-on for Tenable seems to give more data on the host with the vulnerability.
Our next step is to run both, and compare an identical event record in both plugins.