With all due respect to the poster stating that vuln scan data is "state data" and should remain resident outside of Splunk, that response is very short-sighted and under-appreciates why one would want the data there.
Tenable products work well for vuln scanning, but they're less awesome for policy-based scans. Qualys has a better policy scanner, but it too has issues if you want to import into Splunk. If you're looking for a cost-effective option for more simplistic data processing environments (i.e. 1 data center), and can roll your own reporting, Nessus Pro is a great solution.
Hello. If you want a commercial product, Nessus is so good, but if you want a free vuln scanner, you can use OpenVAS. It has an App for Splunk, but it's not released on Splunkbase; it is accessible from the OpenVAS website (google for it!). You can also send OpenVAS scan results with syslog to Splunk and parse them manually.
If you're speaking about a probe like Nessus, we usually use Tenable Nessus and SecurityCenter integrated with Splunk, and we have good results from the App in appbase (https://splunkbase.splunk.com/app/4061/) and from creating our own searches.
None. Vuln data is state and belongs in a database. Trying to turn Splunk into a vuln management tool when it is based on time series events leads to pain. The best compromise is to run reports of key vulns and send only that to Splunk for alerting and correlation. Just don't try to feed everything in.
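
The compromise described in the last reply, as an added example that is not part of any post in this thread: diff two scan snapshots (state) and emit only the high-severity changes as time-stamped JSON events suitable for a time-series index. The field names, severity labels, hosts and finding IDs are constructed assumptions, not the export format of Nessus, Qualys or OpenVAS.

```python
import json

# Assumed severity labels; map your scanner's own scale onto these.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

def key_findings(scan, min_severity):
    """Index one snapshot by (host, vuln_id), keeping only key vulns."""
    floor = SEVERITY_RANK[min_severity]
    return {(f["host"], f["vuln_id"]): f for f in scan
            if SEVERITY_RANK[f["severity"]] >= floor}

def state_changes(previous, current, scanned_hosts, scan_time, min_severity="high"):
    """Turn two state snapshots into events: one per opened or resolved finding."""
    old = key_findings(previous, min_severity)
    new = key_findings(current, min_severity)
    events = [{"time": scan_time, "status": "opened", **new[k]}
              for k in sorted(new.keys() - old.keys())]
    for k in sorted(old.keys() - new.keys()):
        # A finding missing from the new scan is only "resolved" if its host
        # was actually scanned; an unreachable host proves nothing.
        if k[0] in scanned_hosts:
            events.append({"time": scan_time, "status": "resolved", **old[k]})
    return events

def to_json_lines(events):
    """One JSON object per line, ready for a file monitor or HTTP forwarder."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

# Constructed sample snapshots (not real scanner output).
LAST_WEEK = [
    {"host": "web01", "vuln_id": "EXAMPLE-0001", "severity": "critical"},
    {"host": "web01", "vuln_id": "EXAMPLE-0002", "severity": "low"},
    {"host": "db01", "vuln_id": "EXAMPLE-0003", "severity": "high"},
    {"host": "old01", "vuln_id": "EXAMPLE-0006", "severity": "high"},
]
THIS_WEEK = [
    {"host": "web01", "vuln_id": "EXAMPLE-0001", "severity": "critical"},
    {"host": "web01", "vuln_id": "EXAMPLE-0002", "severity": "low"},
    {"host": "db01", "vuln_id": "EXAMPLE-0004", "severity": "high"},
    {"host": "app01", "vuln_id": "EXAMPLE-0005", "severity": "medium"},
]
SCANNED_THIS_WEEK = {"web01", "db01", "app01"}  # old01 was unreachable

if __name__ == "__main__":
    print(to_json_lines(state_changes(LAST_WEEK, THIS_WEEK,
                                      SCANNED_THIS_WEEK, 1700000000)))
```

Unchanged findings produce no events, so the volume sent for alerting and correlation tracks the rate of change rather than the size of the full scan.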