All Apps and Add-ons

Why doesn't my Hurricane Labs Add on for Vulnerability Management show any data or find any results?

New Member

The app says it would not need any configuration, however, upon loading the app, it returns no results in any of the multiple fields.

I am pulling vulnerability information from a Nessus scanner via the Splunk Universal Forwarder and the raw data is searchable in the "Search & Reporting" App.

0 Karma

Path Finder

Hi Matt. Are you using our addon for Nessus, or another app for pulling data out of your Nessus scanner? Additionally, what version of Nessus is your scanner running?

0 Karma

Explorer

i am getting "Search produced no results", but when I modify the search string for "Number of hosts with scan results reported" to tag=vulnerability | stats distinct_count(dest) it worked and gave me results.

Similarly, for "Top 10 Reporting Hosts with Vulnerabilities" I modified the search string to tag=vulnerability severity=* NOT severity=informational | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical

Can anyone tell me what are these reports (drop-down menu)?

Are pluginid and reportid the same?

I'm facing lookup errors as well:

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'nessus_vuln' and lookup table 'nessus_plugin_lookup'.
The lookup table 'qualys_qid_lookup' does not exist. It is referenced by configuration 'qualys_vuln'.
0 Karma

Explorer

It looks like you might need to remove the SplunkTAnessus from your $SPLUNK_HOME/etc/apps and stick with TA-nessus if you are going to use the Hurricane Labs add on

0 Karma

Explorer

any updates ??

0 Karma

New Member

No, nothing as of yet

0 Karma

Path Finder

Apologies, but I am still looking into this. I've found some unrelated bugs with the Nessus app but have been unable to recreate this one so far.

0 Karma

New Member

Hi. I'm using the Splunk Add on for Nessus to pull the data in. The version of Nessus being run is 6.5.3 on a Linux platform.

0 Karma