Hi,
I am trying to pull logs from Nessus Professional installed on ec2 instance into Splunk. I installed Tenable Add-on for Splunk and Tenable App for Splunk. I am trying to configure Account within Tenable Add-on for Splunk. I am using Splunk 7.3.5. In the Add Account form, I see Tenable.io, Tenable.sc credentials, and Tenable.sc certificate inTenable Account Type drop down list. I chose Tenable.sc credentials based on some documentation found online. Is it correct selection? Also, within Address, I chose ip address of Nessus Professional in the format of 10.20.30.40 format. I did not mention any port such as 8834. I unselected 'Verify SSL Support' checkbox. I provided the username and password of service account created with Nessus Professional. There is no proxy. So I unchecked 'Proxy Enable' checkbox. When I saved, I am getting exception to check IP Address, Username and Password. I tried Tenable.io Account Type, just for curiosity, even though it is incorrect. I provided the access key ID and Secret Access Key for the user created in Nessus Professional within 'Add Account' form for Tenable.io Type. I am still getting same exception. Can you please let me know what I am doing wrong. What all ports do I need to open for communication between my machine with Splunk browser and Nessus Professional machine? Also, what prirvileges should the Nessus Professional user need to have? Also, is there a better way to feed Nessus Professional logs into Splunk?
Thanks a lot for your help
Good day.
Have you found an option to upload Nessus reports to Splunk?
If yes, please share information.
Thank you!
Hi @nspires. I'm attempting to do the same thing. Did you have any luck with
Nessus Pro? I've done it successfully with Tenable.io for a client but now need to get Pro working.
It is 2023 and I have not find a way to integrate Splunk with Nessus professional 10.
Anyone knows how to do it ?
Splunk Add-on for Tenable was withdrawer in 2019 from Splunk base by Tenable, so we can not use it anymore.
--
Mladen
Tenable for last few years has been pushing more and more forcefully for users to use .sc or .io by removing functionality from the Nessus Pro scanner. And API is the main victim here. So I wouldn't count on getting a quick and easy solution for this.