Good Day
SecurityCenter v5.5.1 (on Tenable Appliance 4.6.1) and Tenable TA Nessus 5.1.1
After creating the "tenable_sc_inputs.cont" and "tenable_sc_servers.conf" I am getting this error in my TA_Nessus_sc.log. Any ideas what might be causing this?
2017-09-12 00:35:37,986 +0000 log_level=ERROR, pid=11404, tid=Thread-5, file=ta_data_collector.py, func_name=index_data, code_line_no=118 | [stanza_name="Security Center" data="sc_vulnerability" server="myservername.fqdn"] Failed to index data
Traceback (most recent call last):
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 115, in index_data
self._do_safe_index()
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 148, in _do_safe_index
self._client = self._create_data_client()
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_collector.py", line 95, in _create_data_client
self._checkpoint_manager)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\splunktaucclib\data_collection\ta_data_client.py", line 55, in __init__
self._ckpt)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 18, in do_job_one_time
return _do_job_one_time(all_conf_contents, task_config, ckpt)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 24, in _do_job_one_time
server_info = _get_server_info(all_conf_contents, task_config)
File ".......\Splunk\etc\apps\Splunk_TA_nessus\bin\splunk_ta_nessus\ta_tenable_sc_data_collector.py", line 98, in _get_server_info
return global_config[consts.servers][server_name]
KeyError: u'myservername.fqdn'
I think I might have found the issue, I just need to test further to confirm but login into the api of Security Center in Nessus shows that the user i'm trying to pull scan data with does NOT have anything in "My Scans" nor the "All Scans" directory. I will try to generate some scan with this user later and update my findings but I believe this is it, scans are context sensitive per user.
Sorry to ask a question like 20 years later...
Did you ever get it to work?
What was the fix?
Was it permissions?
It was a Nessus user context "thing". The user in Nessus I was using had zero scans. When I used an account that we were using for scans, the "All Scans" section of the ui had actual scans to pull down via the TA, then was g2g after that.
I'm seeing this error also in my test box and prod, I think our tenable instance is 6.11 and the addon version also 5.1.1 where were seeing this exact code_line_no=118 error in the same python module.
Additionally seeing the same problem on rhel6 and rhel7 based hosts.