Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Need help with Tenable SC query

mackmarvin
New Member
‎08-26-2020 04:08 PM

I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that particular search.

0 Karma
Reply

kennetkline
Path Finder
‎10-23-2020 12:52 PM

Question what is definition of a failed scan?

Are you referring to setting "Display unreachable host" = Enabled

Display unreachable hosts

Disabled

When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.


I used to use this setting a lot back in the day;  This should show up in pluginID=19506.

Days since last observed should be more than that of last scan.

index=nessus sourcetype="tenable:sc:vuln"  pluginID=19506

going to need to compare a live/dead hosts pluginText in verbose and see which flag; shows up.  Then focus on the needed Rex;  next week before I can run a test scan if this is what is meant to dig any further

0 Karma
Reply
Get Updates on the Splunk Community!

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

The new SOC4Kafka connector, built on OpenTelemetry, enables the collection of Kafka messages and forwards ...

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Building Momentum: Splunk Developer Program at .conf25

At Splunk, developers are at the heart of innovation. That’s why this year at .conf25, we officially launched ...