Splunk Enterprise Security

What's your favorite vuln scanner to use with Splunk?

daniel333
Builder

All,

What's your favorite vulnerability scanner to use with Splunk? That is, what have you seen generate the best logs and metrics for Splunk data models and CIM?

0 Karma

jobobreck
New Member

With all due respect to the poster stating that vuln scan data is "state data" and should remain resident outside of Splunk, that response is very short-sighted and under-appreciates why one would want the data there.

Tenable products work well for vuln scanning, but they're less awesome for policy-based scans. Qualys has a better policy scanner, but it too has issues if you want to import into Splunk. If you're looking for a cost-effective option for more simplistic data processing environments (i.e. 1 data center), and can roll your own reporting, Nessus Pro is a great solution.

0 Karma

jg91
Path Finder

Hello, if you want a commercial product, Nessus is so good, but if you want a free vuln scanner, you can use OpenVAS. It has an app for Splunk, but it's not released on Splunkbase and is accessible from the OpenVAS website (google for it!). You can also send OpenVAS scan results with syslog to Splunk and parse them manually.

0 Karma

ivanspl
New Member

Hi! Can you add a link to the OpenVAS App for Splunk? (yes, google delete :C)

Thank you!

0 Karma

jg91
Path Finder

Hi, you can find it in the Tools section of the doc subdomain of the Greenbone website.

0 Karma

gcusello
SplunkTrust

Hi @daniel333,
if you're speaking about a probe like Nessus, we usually use Tenable Nessus and SecurityCenter integrated with Splunk and we have good results from the App in appbase ( https://splunkbase.splunk.com/app/4061/ ) and creating our own searches.

Ciao.
Giuseppe

0 Karma

starcher
Influencer

None, vuln data is state and belongs in a database. Trying to turn Splunk into a vuln management tool when it is based on time series events leads to pain. The best compromise is to run reports of key vulns and send only that to Splunk for alerting and correlation. Just don’t try to feed everything in.
