How to make the Nessus plugin output available in ...

nagapakatuta · ‎03-20-2018

Can anyone give me an insight on how to make a Nessus plugin output available in Splunk? I would like to make a dashboard for expiring SSL certificates based on the Nessus scanned results.

I tried to use Nessus plugin "SSL Certificate Expiry - Future Expiry = Plugin ID 42981". The events in Splunk do not include the plugin's output.

Nessus plugin output should like below:
Output
The SSL certificate will expire within 60 days, at
Apr 12 12:48:49 2018 GMT :
Subject : CN=test.websitename.com
Issuer : CN=test.websitename.com
Not valid before : Oct 19 12:48:49 2017 GMT
Not valid after : Apr 12 12:48:49 2018 GMT

Many thanks in advance.

kukoo23 · ‎07-17-2019

Add parameter --pluginoutput True to your local/input.conf

[script://./bin/nessus2splunk.py --pluginoutput True ]

By default Nessus2Splunk.py is not indexing plugin_output

(bin/nessus2plunk.py)
parser.add_argument('-p', '--pluginoutput',
dest='pluginoutput',
type=bool,
action='store',
help='If need to index the plugin_output element',
default=False)

cnestrud · ‎07-06-2018

I'm also having this problem. There are several fields including Synopsis, Description, Solution, See Also, and Plugin Output that I would like for Splunk to index. Please let me know if you came up with any solution.

How to make the Nessus plugin output available in Splunk events?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!