All Apps and Add-ons

Why aren't the severity numbers from Tenable in Splunk not matching the numbers in Security Center?

bcyates
Communicator

We are using the add-on to ingest data from Nessus SecurityCenter into Splunk. However, the numbers do not match up. Week-long searches in SecurityCenter show numbers different from week-long searches in Splunk when we do a timechart. For example, on the day of the last scan, the numbers for critical and high are off by ~200, but the mediums are off by ~2500+. Is there something we can dedup by, or a way to get the numbers closer? We have little confidence in the accuracy of what's in Splunk since the numbers are so far off of what is in SecurityCenter

0 Karma

xpac
SplunkTrust
SplunkTrust

Are your numbers in Splunk too high or too low?

0 Karma

bcyates
Communicator

It depends on the severity. Criticals and highs area little too low, but mediums are way too high

0 Karma