Getting Data In

Configuring tenable Nessus with Splunk Enterprise


Greetings Community,

I am trying to integrate the Splunk Add-on tenable to collect scan details from Nessus. Unfotunately, no data has been collected. Here is what I confirmed to do:
1- I installed the add-on on my heavy forwarder and configured the correct index=nessus.
2- I also installed the add-on on the search head cluster as the guide suggested after deleting both "eventgen.conf" & "inputs.conf". (Splunk Add-on for Tenable, Splunk Docs)
3- Moreover, I ensured to get the correct keys from Nessus tenable when configuring the add-on on Splunk.
4- The indexers have the correct index.
5- Firewall ports have been allowed.

By running a tcpdump on my Heavyforwarder, I couldn't see any packages sent/received between it and the Nessus server. However, I manged to find two repetitive errors in the Nessuslog file as follow:


2017-08-26 19:38:42,209 +0000 log_level=ERROR, pid=6866, tid=MainThread,, func_name=main, code_line_no=186 | Tenable task encounter exception
Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 183, in main
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 100, in run
    tconfig = tc.create_ta_config(settings, config_cls or tc.TaConfig)
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 181, in create_ta_config
    return config_cls(meta_config, settings)
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktaucclib/data_collection/", line 21, in __init__
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/", line 26, in __init__
    raise Exception("Failed to init ServerInfo")
Exception: Failed to init ServerInfo


2017-08-26 19:38:42,209 +0000 log_level=ERROR, pid=6866, tid=MainThread,, func_name=splunkd_request, code_line_no=42 | Failed to send rest request=, errcode=unknown, reason=Traceback (most recent call last):
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/splunktalib/", line 40, in splunkd_request
    headers=headers, body=data)
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1272, in _conn_request
  File "/opt/splunk/etc/apps/Splunk_TA_nessus/bin/splunk_ta_nessus/httplib2/", line 1075, in connect
    raise socket.error, msg
error: [Errno 111] Connection refused
0 Karma


Hi, I realize this is an older question, and I am not sure if this directly answers your question, but perhaps it could be of some help.

I recently developed a free open-source application called TenaPull, which processes Nessus data for ingestion by Splunk.  There is more information here:

GitHub repo:

0 Karma


@Mystica856 the few times I did run into the above issue was due to a bad API or Secret Key. Hopefuly when you generated your key you copied it down from Nessus. If you do have to pull new keys make sure that you copy them down in a safe place and try adding them back to both Host and Plugin on the HF configuration page.

0 Karma


Hi Grmpalot, thanks for taking the time to answer the question. I double checked the API but no luck. I am not sure what the exact issue is. Still looking around.

0 Karma

  1. Download Splunk Add-on for Tenable
  2. In Splunk, Manage apps (gear)>Install app from file>browse>Splunk-add-on-for-nessus
  3. After installing Launch app under actions column. Configure the Security Cetner Server. After the prompts adding the scanner will finalize the "input" configs.
  4. In Splunk, navigate to Searching & Reporting> Data Summary> sources tab

Tenable Nessus allows a splunk software admin to collect tenable vuln scan data from nessus and SecurityCenter via the REST API.

For more information, depending on why type of data you are trying to forward can be found in this document. I hope this is helpful.

Get Updates on the Splunk Community!

New Cloud Intrusion Detection System Add-on for Splunk

In July 2022 Splunk released the Cloud IDS add-on which expanded Splunk capabilities in security and data ...

Happy CX Day to our Community Superheroes!

Happy 10th Birthday CX Day!What is CX Day? It’s a global celebration recognizing innovation and success in the ...

Check out This Month’s Brand new Splunk Lantern Articles

Splunk Lantern is a customer success center providing advice from Splunk experts on valuable data insights, ...