Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with Tenable SC query

mackmarvin
New Member
‎08-26-2020 04:08 PM

I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that particular search.

0 Karma
Reply

kennetkline
Path Finder
‎10-23-2020 12:52 PM

Question what is definition of a failed scan?

Are you referring to setting "Display unreachable host" = Enabled

Display unreachable hosts

Disabled

When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.


I used to use this setting a lot back in the day;  This should show up in pluginID=19506.

Days since last observed should be more than that of last scan.

index=nessus sourcetype="tenable:sc:vuln"  pluginID=19506

going to need to compare a live/dead hosts pluginText in verbose and see which flag; shows up.  Then focus on the needed Rex;  next week before I can run a test scan if this is what is meant to dig any further

0 Karma
Reply
Get Updates on the Splunk Community!

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

The Next-Gen Toolkit for Splunk Technology Add-on Development The Universal Configuration Console (UCC) ...