Archive
Highlighted

How to make the Nessus plugin output available in Splunk events?

Engager

Can anyone give me an insight on how to make a Nessus plugin output available in Splunk? I would like to make a dashboard for expiring SSL certificates based on the Nessus scanned results.

I tried to use Nessus plugin "SSL Certificate Expiry - Future Expiry = Plugin ID 42981". The events in Splunk do not include the plugin's output.

Nessus plugin output should like below:
Output
The SSL certificate will expire within 60 days, at
Apr 12 12:48:49 2018 GMT :
Subject : CN=test.websitename.com
Issuer : CN=test.websitename.com
Not valid before : Oct 19 12:48:49 2017 GMT
Not valid after : Apr 12 12:48:49 2018 GMT

Many thanks in advance.

Highlighted

Re: How to make the Nessus plugin output available in Splunk events?

Explorer

I'm also having this problem. There are several fields including Synopsis, Description, Solution, See Also, and Plugin Output that I would like for Splunk to index. Please let me know if you came up with any solution.

0 Karma
Highlighted

Re: How to make the Nessus plugin output available in Splunk events?

New Member

Add parameter --pluginoutput True to your local/input.conf

[script://./bin/nessus2splunk.py --pluginoutput True ]

By default Nessus2Splunk.py is not indexing plugin_output

(bin/nessus2plunk.py)
parser.addargument('-p', '--pluginoutput',
dest='pluginoutput',
type=bool,
action='store',
help='If need to index the plugin
output element',
default=False)

0 Karma