Splunk Enterprise Security

Bad data showing up in Enterprise Security app

jravida
Communicator

Hi Folks,

I've been ingesting scan data, nessus type, into Splunk. When I view the Vulnerability center I see Unknown as signature, in the New Vulnerabilities table, as well as vendor_product being remote_searches.

I figure this is bad data. Where can I look to see why I am ingesting this?

0 Karma

jcoates_splunk
Splunk Employee
Splunk Employee

Are you using the Splunk Add-on for Nessus, or the older TA-nessus?

0 Karma

jravida
Communicator

Both are on there, but the older TA-nessus is disabled. It wasn't disabled when some of the data was ingested. I think they both may have been on.

0 Karma
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!