Is there any other way for our Splunk environment to receive Nessus data?

luongg
Explorer

Hello,

I've recently upgraded from Splunk 7.0 to Splunk 9.0. One of the things that ended up breaking is the Splunk Add-on for Tenable (5.1.4). I knew it was going to stop working due to compatibility issues and that's fine since we really needed to upgrade Splunk. Is there any other way for our Splunk environment to receive Nessus data? We currently have Nessus Professional Version 10 and it does not seem to work with the Tenable Add-on for Splunk.

Thanks,

Grant

0 Karma

VatsalJagani
SplunkTrust

@luongg - The app is archived, I think, so you can convert the Python scripts from it to make them compatible with Python 3 and make it work for you.

0 Karma

PickleRick
SplunkTrust

The only version available on Splunkbase seems to be 5.2.4 so the 5.1.4 might indeed already be archived 🙂

0 Karma

luongg
Explorer

The 5.1.4 I'm talking about is for the Splunk Add-On for Tenable. This is an old archived modular input that allows our on-prem Nessus Pro scanner to send data to our Splunk environment via API credentials.

I've tested the Tenable Add-on for Splunk (5.2.4) and it doesn't work since we aren't using Tenable.io nor Tenable.sc. As of right now, I don't think there is a modular input solution to retrieve data from Tenable's "Nessus Pro" product unless you're using their cloud version (Tenable.io).

The Nessus Pro product we have is on-prem and it only exports scan results in HTML and CSV formats. What I have currently done is just export the scan results out into a CSV file and have a Splunk Universal Forwarder monitor a directory that holds these CSV files, which I have to manually copy and paste into. I was able to build a custom app within Splunk to parse the CSV fields to have Splunk make some sense of it. So far, that's the best solution that I can come up with. Hopefully, Splunk or Tenable comes up with a way to support this Nessus product better.

0 Karma
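Added example, not part of the original post and not code from either add-on: one way to pre-process the CSV export described above into one JSON event per line before the Universal Forwarder picks it up, so quoted multi-line fields cannot split an event and rows repeated per CVE collapse into a single finding. The column names, the per-CVE row layout, the `scan_time` field and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
import json

# Constructed sample of a Nessus CSV export; the column names are an assumption
# about the export layout and every row is made up. The first finding has a
# multi-line "Plugin Output" field, which breaks naive line-based event splitting.
SAMPLE_CSV = '''"Plugin ID","CVE","Risk","Host","Protocol","Port","Name","Plugin Output"
"10001","","None","192.0.2.10","tcp","22","Example SSH banner check","SSH version : example
SSH supported auth : publickey"
"10002","CVE-0000-0000","High","192.0.2.10","tcp","443","Example TLS finding","see certificate details"
"10002","CVE-0000-0001","High","192.0.2.10","tcp","443","Example TLS finding","see certificate details"
'''

def to_field(name):
    """Normalize a CSV header into a search-friendly field name."""
    return name.strip().lower().replace(" ", "_")

def csv_to_events(stream, scan_time):
    """Yield one dict per finding, merging rows that differ only by CVE."""
    merged = {}
    for row in csv.DictReader(stream):
        # Skip overflow columns (key None) and tolerate short rows (value None).
        rec = {to_field(k): (v or "").strip() for k, v in row.items() if k}
        cve = rec.pop("cve", "")
        key = (rec.get("plugin_id"), rec.get("host"),
               rec.get("protocol"), rec.get("port"))
        event = merged.setdefault(key, {"scan_time": scan_time, **rec, "cve": []})
        if cve and cve not in event["cve"]:
            event["cve"].append(cve)
    yield from merged.values()

def to_ndjson(stream, scan_time):
    """Render events as newline-delimited JSON: exactly one event per line."""
    return "".join(json.dumps(e, sort_keys=True) + "\n"
                   for e in csv_to_events(stream, scan_time))

if __name__ == "__main__":
    # scan_time is a constructed value; in practice use the scan's end time.
    print(to_ndjson(io.StringIO(SAMPLE_CSV), "2024-01-01T00:00:00Z"), end="")
```

Write the output into the directory the Universal Forwarder monitors; a JSON sourcetype (for example `KV_MODE = json` in props.conf) then extracts the fields at search time.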

PickleRick
SplunkTrust

Did you test the current version of the add-on? (5.2.4)

Anyway, the add-on itself - as I can see from the docs - just pulls the data from the REST endpoints. If I remember correctly, they return JSON by default. So if the built-in modular input from the add-on doesn't work properly, you could just pull the JSON on your own and ingest it into Splunk.

0 Karma