Hi, I am currently using the "Tenable Add-on for Splunk": https://docs.tenable.com/other/TenableAppsforSplunk.pdf
But I am getting this error:
2018-08-06 04:07:36,367 ERROR pid=18542 tid=MainThread file=io_connect.py:__checkResponse:71 | Tenable Error: response: {"error":"User does not have permissions needed for this resource."}
Can somebody help me regarding this?
Thanks in advance for help.
What Tenable product are you trying to connect to (Tenable.io/SecurityCenter)? If Tenable.io then you need to make sure the user you are connecting with has full administrator access. If SecurityCenter then you need to make sure you have a normal user account with access to read from the correct repositories.
Thank you for that answer, will try to do that and see if it would work.
Follow-up question: Is it right to input "cloud.tenable.com" on the (Tenable Add-on for Splunk) Credentials > Address *?
Assuming you are creating a Tenable.io set of credentials, yes that is correct.
I keep getting "Please enter valid Address or configure valid proxy settings or verify SSL certificate." when attempting to configure access to tenable.io with "cloud.tenable.com".
Curl towards tenable.io API with the same access tokens and proxy information works correctly. The account is Administrator.
Any ideas on how to further troubleshoot it?
Did you configure the proxy in the Add-On configuration screen?
Yes, the proxy is added correctly. There is a significant difference in "timeout" to this error if proxy information is not provided, so we know the proxy is set correctly.
At this point it would be best if you create a support ticket at support.tenable.com. If you can enable debug logging and include that in the initial request that would be helpful too. Please make sure to let them know you have done some preliminary debugging with Nick Keuning, on the integrations team, as well.
Sure, will do. Where would I set and later see the debug logging?
To set debugging go to Tenable Add-On->Configuration->Logging. All of the Add-On logs are stored in the _internal index within Splunk:
index="_internal" source="ta_tenable"