Splunk Search

Need help with Tenable SC query

mackmarvin
New Member

I got a search query but I need help displaying the failed scans of the IP or devices. What field do I use for that particular search?


kennetkline
Path Finder

Question: what is the definition of a failed scan?

Are you referring to setting "Display unreachable hosts" = Enabled?

Display unreachable hosts

Disabled

When enabled, hosts that did not reply to the ping request are included in the security report as dead hosts. Do not enable this option for large IP blocks.


I used to use this setting a lot back in the day; this should show up in pluginID=19506.

Days since last observed should be more than that of last scan.

index=nessus sourcetype="tenable:sc:vuln"  pluginID=19506

Going to need to compare a live/dead host's pluginText in verbose and see which flag shows up. Then focus on the needed Rex. It will be next week before I can run a test scan, if this is what is meant, to dig any further.
