Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nkeuning
nkeuning
Communicator
Member since:
06-21-2018
11-10-2021
Community Statistics
| Posts | 44 |
| Solutions | 7 |
| Karma Given | 0 |
| Karma Received | 5 |
| Member Since | 06-21-2018 |
Activity Feed
- Got Karma for Re: Unable to create inputs for TA-Tenable add on. 01-05-2022 01:24 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 10:15 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 09:45 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 09:44 AM
- Got Karma for Re: In the Tenable Add-On for Splunk, what is the best way to determine if a vulnerability still exists on a host system?. 05-03-2021 08:54 AM
- Got Karma for Re: Integrate Tenable nessus(sc) with splunk. 06-05-2020 12:50 AM
- Got Karma for Re: Integrate Tenable nessus(sc) with splunk. 06-05-2020 12:50 AM
- Got Karma for Re: In the present version of Tenable Add-On for Splunk, why is scan result information missing in logs?. 06-05-2020 12:49 AM
- Posted Re: Tenable Add-on for Splunk Giving Oops 404 Error when trying to configure on All Apps and Add-ons. 03-02-2020 02:59 PM
- Posted Re: Unable to create inputs for TA-Tenable add on on All Apps and Add-ons. 02-11-2020 10:25 AM
- Posted Re: Vulnerabilities number in splunk not matching vulnerabilities in Tenable for same ip(Machine) on All Apps and Add-ons. 02-10-2020 05:33 PM
- Posted Re: Scan Results from Tenable SC on All Apps and Add-ons. 11-07-2019 10:00 AM
- Posted Re: convert First discovered date to human readable date format on All Apps and Add-ons. 09-17-2019 10:35 PM
- Posted Re: Integrate Tenable nessus(sc) with splunk on All Apps and Add-ons. 09-11-2019 12:18 PM
- Posted Re: Tenable add-on for Splunk: How to allow full ingestion on All Apps and Add-ons. 06-25-2019 11:19 AM
- Posted Re: Tenable Add-On for Splunk ins't loging into Security Center with interval on All Apps and Add-ons. 06-19-2019 02:28 PM
- Posted Re: Nessus Manager Support in "Tenable Add-On for Splunk" on All Apps and Add-ons. 05-02-2019 07:50 PM
- Posted Re: Why are we seeing a disparity between results in Tenable SecurityCenter vs those pulled by Add-on? on All Apps and Add-ons. 04-11-2019 12:25 PM
- Posted Re: In the present version of Tenable Add-On for Splunk, why is scan result information missing in logs? on All Apps and Add-ons. 02-26-2019 09:15 AM
- Posted Re: Unique IP and Hosts from Tenable on All Apps and Add-ons. 02-14-2019 08:50 PM
Topics I've Started
No posts to display.
12-19-2018
07:48 PM
It is hard to say without much more detail. Can you please open a case with support.tenable.com and include the following:
Latest full log from the add-on
Splunk Version
Tenable Add-on Version
Splunk OS
Is the add-on running from a Heavy forwarder?
Tenable.sc version
List item
Please reference this conversation when open the ticket so they can route it accordingly
P.S.
Given the way the add-on pulls/stores data there is a good chance there were not updates for us to pull for many days even if you scanned something.
... View more
12-18-2018
09:13 AM
Every time we login we create a session. This call happens every time we are done with the api to delete our session.
... View more
12-13-2018
08:53 AM
Our goal is to have it GA in Q1 with a long beta starting in January.
... View more
12-05-2018
12:18 PM
The whole design of the app is to duplicate as little data a possible.
We only index data based on the firstSeen or first_found date for each vulnerability on each host.
We only create a new event when the state of the vulnerability changes.
After the initial run of the input we only pull differential data.
Given the basic design above we rely on splunk deduping functionality on event creation to see events are identical and not create duplicate events if for some reason duplicate data happens during a differential pull, which is very rare it could even happen.
... View more
12-04-2018
03:00 PM
We plan to support min 5 minute interval in the next major release of the apps as long as you are connecting to SC 5.7+.
... View more
11-15-2018
12:33 PM
If the data is available we will pull it. Just remember we only pull it the first time it is seen we never update the events or create new events when the plugin_output changes.
... View more
10-11-2018
10:09 AM
I'm checking with the dev team. It looks like there may be a logic issue. If we pull data from the cumulative view we get what are otherwise active vulns. These fall into open or reopened. open should be when hasBeenMitigated == false/0 and reopened should be when hasBeenMitigated == true/1. Thanks for double clicking into this. Can you please open a support case with Tenable so we can track this appropriately?
... View more
10-10-2018
05:17 PM
The state changes when 1) an open vulnerability is fixed (mitigated) OR 2) a previously fixed vulnerability is found again on the same machine. The possible states are open, reopened and fixed.
... View more
10-10-2018
12:47 PM
The theme of the next release is simpler searching of the data structures and improved tracking of state information and assets. No timeline yet as we are still in planning phases.
... View more
10-10-2018
12:01 PM
That is correct, we need the retention policy to be very long on our index. This will stay a requirement moving forward as it is the only way to bring the size of our data in splunk down to a manageable level and report the state of vulnerabilities. This will improve some in our next major release as we improve usability of our data.
... View more
10-09-2018
01:56 PM
1 Karma
Hi rrustong,
You are correct, we store only one event for each open vulnerability. This event is created/stored based on the firstSeen/first_seen date field. Your logic is correct, the only thing i might suggest is some de-duping and leveraging the state field. Here is an example i would use for SecurityCenter data:
get_tenable_index\ sourcetype="tenable:sc:vuln" | dedup ip, repository.id, pluginID, port, protocol | search state=open OR state=reopened
basically this gets the correct index, limits data to SC vulnerabilities, dedupes data so we only get the most recent vuln events for every host and then limits the results to only open or reopened vulns so we dont show fixed vulns.
Sincerely,
Nick
... View more
10-01-2018
09:26 PM
Tenable.io is 443 and SecurityCenter is 443 unless you customize the port that it runs on.
... View more
09-19-2018
11:35 AM
It only runs once per day. Please make sure you have your time filter set to all time since all events are indexed based on the firstSeen time of the vulnerability, not the time the integration ran.
... View more
09-06-2018
09:50 AM
Have you checked the TA logs?
index="_internal" source="*ta_tenable*"
... View more
08-31-2018
02:56 PM
To set debugging go to Tenable Add-On->Configuration->Logging. All of the Add-On logs are stored in the _internal index within splunk:
index="_internal" source="ta_tenable"
... View more
08-31-2018
02:15 PM
At this point it would be best if you create a support ticket at support.tenable.com. If you can enable debug logging and includ that in the initial request that would be helpful too. Please make sure to let them know you have done some preliminary debugging with Nick Keuning, on the integrations team, as well.
... View more
08-31-2018
11:11 AM
Did you configure the proxy in the Add-On configuration screen?
... View more
08-08-2018
08:26 AM
The first time the SC input runs it will pull ALL vulnerabilities for all time, indexed based on firstSeen time. The Splunk Input functionality only allows you to set an interval to run on, not control when the interval starts as far i know.
... View more
08-06-2018
08:27 PM
Assuming you are creating a Tenable.io set of credentials, yes that is correct.
... View more
- « Previous
-
- 1
- 2
- Next »
