All Apps and Add-ons

Why is Tenable add-on for Splunk not polling data?

Builder

Hi , i am currently using "tenable add-on for splunk" : https://docs.tenable.com/other/TenableAppsforSplunk.pdf
But i am getting this error :""

2018-08-06 04:07:36,367 ERROR pid=18542 tid=MainThread file=io_connect.py:__checkResponse:71 | Tenable Error: response: {"error":"User does not have permissions needed for this resource."}

Can somebody help me regarding this,
Thanks in advance for help.

0 Karma

Communicator

What Tenable product are you trying to connect to (Teanble.io/SecurityCetner)? If Tenable.io then you need to make sure the user you are connecting with has full administrator access. If SecurityCenter then you need to make sure the you have a normal user account with access to read from the correct repositories.

0 Karma

Builder

Thank you for that answer, will try to do that and see if it would work.
Follow up question : Is it right to input "cloud.tenable.com" on the (tenable add-on for splunk)Credentials > Address *?

0 Karma

Communicator

Assuming you are creating a Tenable.io set of credentials, yes that is correct.

0 Karma

Path Finder

I keep getting "Please enter valid Address or configure valid proxy settings or verify SSL certificate." when attempting to configure access to tenable.io with "cloud.tenable.com".

Curl towards tenable.io API with the same access tokens and proxy information works correctly. The account is Administrator.

Any ideas on how to further troubleshoot it?

0 Karma

Communicator

Did you configure the proxy in the Add-On configuration screen?

0 Karma

Path Finder

Yes, the proxy is added correctly, there is a significant difference in "timeout" to this error if proxy information is not provided, so we know the proxy is set correctly.

0 Karma

Communicator

At this point it would be best if you create a support ticket at support.tenable.com. If you can enable debug logging and includ that in the initial request that would be helpful too. Please make sure to let them know you have done some preliminary debugging with Nick Keuning, on the integrations team, as well.

0 Karma

Path Finder

Sure, will do. Where would I set and later see the debug logging?

0 Karma

Communicator

To set debugging go to Tenable Add-On->Configuration->Logging. All of the Add-On logs are stored in the _internal index within splunk:
index="_internal" source="ta_tenable"

0 Karma