Splunk Enterprise Security

Splunk App for Enterprise Security: Is there a way to clear out all previously imported Nessus data?

john_miller1
Explorer

I have been testing the Splunk Add-on for Nessus and want to start using the feature with fresh data. Is there a way to clear out all previously imported scans so we can start from scratch?

0 Karma
1 Solution

john_miller1
Explorer

Answered my own question, just had to check out the python scripts and how they parsed/assigned the data.

I did an all time search for: index=* (sourcetype=nessus OR orig_sourcetype=nessus) | delete

This removed the Nessus data from the vulnerabilities section of Enterprise Security.

View solution in original post

john_miller1
Explorer

Answered my own question, just had to check out the python scripts and how they parsed/assigned the data.

I did an all time search for: index=* (sourcetype=nessus OR orig_sourcetype=nessus) | delete

This removed the Nessus data from the vulnerabilities section of Enterprise Security.

Get Updates on the Splunk Community!

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...

Avoid Certificate Expiry Issues in Splunk Enterprise with Certificate Assist

This blog post is part 2 of 4 of a series on Splunk Assist. Click the links below to see the other ...