Splunk Enterprise Security

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

damode
Motivator

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

if yes, please share what "application" type did you choose when configuring the add-on on the configuration page ?

Currently it gives three options
- Tenable.sc Credentials
- Tenable.sc Certificates

- Tenable.io

Which one do I choose for Nessus ?

nickhills
Ultra Champion

In their infinite wisdom, Tenable changed the features available across the Tenable/Nessus product line up a few years ago.

Essentially, they decided that unless you were subscribed to either Tenable.IO or Tenable Security Centre, you should not be able to export scan results into a SIEM (or any other tool)

At the time, they also removed the API allowing you to export data from nessus in its native format. There was much uproar over this, so I believe the API was restored, however, Tenable no longer actively 'support' extracting scan results from a stand alone nessus scanner. That is why the Tenable add-on only provides options for IO/SC.

If my comment helps, please give it a thumbs up!
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...