Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with Tenable SC query

mackmarvin
New Member
‎08-26-2020 04:08 PM

I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that particular search.

0 Karma
Reply

kennetkline
Path Finder
‎10-23-2020 12:52 PM

Question what is definition of a failed scan?

Are you referring to setting "Display unreachable host" = Enabled

Display unreachable hosts

Disabled

When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.


I used to use this setting a lot back in the day;  This should show up in pluginID=19506.

Days since last observed should be more than that of last scan.

index=nessus sourcetype="tenable:sc:vuln"  pluginID=19506

going to need to compare a live/dead hosts pluginText in verbose and see which flag; shows up.  Then focus on the needed Rex;  next week before I can run a test scan if this is what is meant to dig any further

0 Karma
Reply
Get Updates on the Splunk Community!

New Year, New Changes for Splunk Certifications

As we embrace a new year, we’re making a small but important update to the Splunk Certification ...

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

[Puzzles] Solve, Learn, Repeat: Unmerging HTML TablesFor a previous puzzle, I needed some sample data, and ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...