
Why am I not retrieving scan data, only plugin data?

msketteran
New Member

I am retrieving plugin data just fine. However, at the same time I am not receiving any scan data. I found the following error log entry:

2016-07-25 09:39:44,912 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://xxx.xxx.xxx.xxx:8834/scans/194, reason=Traceback (most recent call last):
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/nessus_rest_client.py", line 79, in request
headers=headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1593, in request
(response, content) = self.request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/Applications/Splunk/etc/apps/Splunk_TA_nessus/bin/splunktalib/httplib2/__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 1136, in getresponse
response.begin()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 453, in begin
version, status, reason = self._read_status()
File "/Applications/Splunk/lib/python2.7/httplib.py", line 409, in _read_status
line = self.fp.readline(_MAXLINE + 1)
File "/Applications/Splunk/lib/python2.7/socket.py", line 480, in readline
data = self._sock.recv(self._rbufsize)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 734, in recv
return self.read(buflen)
File "/Applications/Splunk/lib/python2.7/ssl.py", line 621, in read
v = self._sslobj.read(len or 1024)
SSLError: ('The read operation timed out',)

0 Karma

rwang_splunk
Splunk Employee

Hi msketteran

Try using the following command in the console to check whether it is a network problem.
curl -k -H "Accept: application/json" -H "Content-Type: application/json" -H "X-ApiKeys: accessKey=YOUR ACCESSKEY; secretKey=YOUR SECRET KEY" -X GET https://xxx.xxx.xxx.xxx:8834/scans/194
If you cannot connect to the network successfully, try checking the network configuration. Otherwise, it might be a bug related to this add-on; you can file a customer ticket and we can investigate further.
Thanks.


0 Karma

aosso
Path Finder

Did you configure a proxy for the add-on to get plugin information?

If so, it will also try to connect to the Nessus instance via that proxy. If the Nessus interface is not reachable through that proxy, then it will fail to connect.

0 Karma

msketteran
New Member

Tried the curl command and retrieved the scan just fine. I'll look into filing a ticket.

0 Karma

kurthin
New Member

I have this same issue and also get results from this command with no errors.

0 Karma
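
An added example, not part of the original thread and not the add-on's own code: a small triage script for error entries like the one quoted in the question. It reports whether each request failed while connecting or while reading the response. The function name `triage`, the hostname and the second log entry are constructed for illustration.

```python
import re

# Constructed sample shaped like the entry in the question (host and 2nd entry are made up).
SAMPLE_LOG = '''\
2016-07-25 09:39:44,912 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://nessus.example:8834/scans/194, reason=Traceback (most recent call last):
  File "httplib2/__init__.py", line 1291, in _conn_request
    response = conn.getresponse()
  File "python2.7/httplib.py", line 1136, in getresponse
    response.begin()
SSLError: ('The read operation timed out',)
2016-07-25 09:40:02,118 ERROR pid=35903 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://nessus.example:8834/scans/201, reason=Traceback (most recent call last):
  File "httplib2/__init__.py", line 1274, in _conn_request
    conn.connect()
  File "python2.7/socket.py", line 571, in create_connection
    raise err
error: [Errno 61] Connection refused
'''

HEAD = re.compile(r'^(\S+ \S+) ERROR .*\| Failed to connect (\S+), reason=')
FRAME = re.compile(r'^\s*File "[^"]+", line \d+, in (\w+)')
ERROR = re.compile(r'^([A-Za-z_][\w.]*): (.*)$')

def triage(log_text):
    """Return one dict per failed request: time, url, phase, error."""
    entries, cur = [], None
    for line in log_text.splitlines():
        head = HEAD.match(line)
        if head:
            cur = {"time": head.group(1), "url": head.group(2), "frames": [], "error": ""}
            entries.append(cur)
        elif cur is not None:
            frame = FRAME.match(line)
            if frame:
                cur["frames"].append(frame.group(1))
            elif ERROR.match(line):
                cur["error"] = line  # final "ExceptionType: message" line
    for entry in entries:
        frames = entry.pop("frames")
        entry["phase"] = "unknown"
        if "getresponse" in frames:
            # Connection and TLS were up and the request was sent;
            # the failure came while reading the reply.
            entry["phase"] = "waiting for response"
        elif "connect" in frames or "create_connection" in frames:
            entry["phase"] = "connecting"
    return entries

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e["time"], e["url"], e["phase"], e["error"], sep=" | ")
```

The entry in the question falls in the "waiting for response" phase: its traceback passes through `getresponse`, so the timeout occurred after the connection had been established.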
