Hi Folks,
I've been ingesting scan data, nessus type, into Splunk. When I view the Vulnerability center I see Unknown as signature, in the New Vulnerabilities table, as well as vendor_product being remote_searches.
I figure this is bad data. Where can I look to see why I am ingesting this?
Are you using the Splunk Add-on for Nessus, or the older TA-nessus?
Both are on there, but the older TA-nessus is disabled. It wasn't disabled when some of the data was ingested. I think they both may have been on.