All Apps and Add-ons

Why is Tenable add-on for Splunk not polling data?

jadengoho
Builder

Hi , i am currently using "tenable add-on for splunk" : https://docs.tenable.com/other/TenableAppsforSplunk.pdf
But i am getting this error :""

2018-08-06 04:07:36,367 ERROR pid=18542 tid=MainThread file=io_connect.py:__checkResponse:71 | Tenable Error: response: {"error":"User does not have permissions needed for this resource."}

Can somebody help me regarding this,
Thanks in advance for help.

0 Karma

nkeuning
Communicator

What Tenable product are you trying to connect to (Teanble.io/SecurityCetner)? If Tenable.io then you need to make sure the user you are connecting with has full administrator access. If SecurityCenter then you need to make sure the you have a normal user account with access to read from the correct repositories.

0 Karma

jadengoho
Builder

Thank you for that answer, will try to do that and see if it would work.
Follow up question : Is it right to input "cloud.tenable.com" on the (tenable add-on for splunk)Credentials > Address *?

0 Karma

nkeuning
Communicator

Assuming you are creating a Tenable.io set of credentials, yes that is correct.

0 Karma

ferdydek
Path Finder

I keep getting "Please enter valid Address or configure valid proxy settings or verify SSL certificate." when attempting to configure access to tenable.io with "cloud.tenable.com".

Curl towards tenable.io API with the same access tokens and proxy information works correctly. The account is Administrator.

Any ideas on how to further troubleshoot it?

0 Karma

nkeuning
Communicator

Did you configure the proxy in the Add-On configuration screen?

0 Karma

ferdydek
Path Finder

Yes, the proxy is added correctly, there is a significant difference in "timeout" to this error if proxy information is not provided, so we know the proxy is set correctly.

0 Karma

nkeuning
Communicator

At this point it would be best if you create a support ticket at support.tenable.com. If you can enable debug logging and includ that in the initial request that would be helpful too. Please make sure to let them know you have done some preliminary debugging with Nick Keuning, on the integrations team, as well.

0 Karma

ferdydek
Path Finder

Sure, will do. Where would I set and later see the debug logging?

0 Karma

nkeuning
Communicator

To set debugging go to Tenable Add-On->Configuration->Logging. All of the Add-On logs are stored in the _internal index within splunk:
index="_internal" source="ta_tenable"

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...