All Apps and Add-ons

Why doesn't my Hurricane Labs Add on for Vulnerability Management show any data or find any results?

MattStuart10
New Member

The app says it would not need any configuration, however, upon loading the app, it returns no results in any of the multiple fields.

I am pulling vulnerability information from a Nessus scanner via the Splunk Universal Forwarder and the raw data is searchable in the "Search & Reporting" App.

0 Karma

cschmidt_hurric
Path Finder

Hi Matt. Are you using our addon for Nessus, or another app for pulling data out of your Nessus scanner? Additionally, what version of Nessus is your scanner running?

0 Karma

tp92222
Explorer

i am getting "Search produced no results", but when I modify the search string for "Number of hosts with scan results reported" to tag=vulnerability | stats distinct_count(dest) it worked and gave me results.

Similarly, for "Top 10 Reporting Hosts with Vulnerabilities" I modified the search string to tag=vulnerability severity=* NOT severity=informational | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical

Can anyone tell me what are these reports (drop-down menu)?

Are plugin_id and report_id the same?

I'm facing lookup errors as well:

Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'nessus_vuln' and lookup table 'nessus_plugin_lookup'.
The lookup table 'qualys_qid_lookup' does not exist. It is referenced by configuration 'qualys_vuln'.
0 Karma

jeeames
Explorer

It looks like you might need to remove the Splunk_TA_nessus from your $SPLUNK_HOME/etc/apps and stick with TA-nessus if you are going to use the Hurricane Labs add on

0 Karma

tp92222
Explorer

any updates ??

0 Karma

MattStuart10
New Member

No, nothing as of yet

0 Karma

cschmidt_hurric
Path Finder

Apologies, but I am still looking into this. I've found some unrelated bugs with the Nessus app but have been unable to recreate this one so far.

0 Karma

MattStuart10
New Member

Hi. I'm using the Splunk Add on for Nessus to pull the data in. The version of Nessus being run is 6.5.3 on a Linux platform.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!