Splunk Enterprise Security

Bad data showing up in Enterprise Security app

jravida
Communicator

Hi Folks,

I've been ingesting scan data, nessus type, into Splunk. When I view the Vulnerability center I see Unknown as signature, in the New Vulnerabilities table, as well as vendor_product being remote_searches.

I figure this is bad data. Where can I look to see why I am ingesting this?

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Are you using the Splunk Add-on for Nessus, or the older TA-nessus?

0 Karma

jravida
Communicator

Both are on there, but the older TA-nessus is disabled. It wasn't disabled when some of the data was ingested. I think they both may have been on.

0 Karma
Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!