Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About nkeuning
nkeuning
Communicator
Member since:
06-21-2018
11-10-2021
Community Statistics
| Posts | 44 |
| Solutions | 7 |
| Karma Given | 0 |
| Karma Received | 5 |
| Member Since | 06-21-2018 |
Activity Feed
- Got Karma for Re: Unable to create inputs for TA-Tenable add on. 01-05-2022 01:24 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 10:15 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 09:45 AM
- Posted Re: Getting error while setting up TA-Tenable add-on. on All Apps and Add-ons. 11-10-2021 09:44 AM
- Got Karma for Re: In the Tenable Add-On for Splunk, what is the best way to determine if a vulnerability still exists on a host system?. 05-03-2021 08:54 AM
- Got Karma for Re: Integrate Tenable nessus(sc) with splunk. 06-05-2020 12:50 AM
- Got Karma for Re: Integrate Tenable nessus(sc) with splunk. 06-05-2020 12:50 AM
- Got Karma for Re: In the present version of Tenable Add-On for Splunk, why is scan result information missing in logs?. 06-05-2020 12:49 AM
- Posted Re: Tenable Add-on for Splunk Giving Oops 404 Error when trying to configure on All Apps and Add-ons. 03-02-2020 02:59 PM
- Posted Re: Unable to create inputs for TA-Tenable add on on All Apps and Add-ons. 02-11-2020 10:25 AM
- Posted Re: Vulnerabilities number in splunk not matching vulnerabilities in Tenable for same ip(Machine) on All Apps and Add-ons. 02-10-2020 05:33 PM
- Posted Re: Scan Results from Tenable SC on All Apps and Add-ons. 11-07-2019 10:00 AM
- Posted Re: convert First discovered date to human readable date format on All Apps and Add-ons. 09-17-2019 10:35 PM
- Posted Re: Integrate Tenable nessus(sc) with splunk on All Apps and Add-ons. 09-11-2019 12:18 PM
- Posted Re: Tenable add-on for Splunk: How to allow full ingestion on All Apps and Add-ons. 06-25-2019 11:19 AM
- Posted Re: Tenable Add-On for Splunk ins't loging into Security Center with interval on All Apps and Add-ons. 06-19-2019 02:28 PM
- Posted Re: Nessus Manager Support in "Tenable Add-On for Splunk" on All Apps and Add-ons. 05-02-2019 07:50 PM
- Posted Re: Why are we seeing a disparity between results in Tenable SecurityCenter vs those pulled by Add-on? on All Apps and Add-ons. 04-11-2019 12:25 PM
- Posted Re: In the present version of Tenable Add-On for Splunk, why is scan result information missing in logs? on All Apps and Add-ons. 02-26-2019 09:15 AM
- Posted Re: Unique IP and Hosts from Tenable on All Apps and Add-ons. 02-14-2019 08:50 PM
Topics I've Started
No posts to display.
11-10-2021
10:15 AM
When. you open the ticket with Tenable they will have some min information they need from you. When you provide this please let them know you chatted with me on here so they ping me and i can take a look.
... View more
11-10-2021
09:45 AM
If you are on the latest version of the app and still having issue please open a support case with Tenable https://support.tenable.com/
... View more
11-10-2021
09:44 AM
Best guess is this is because you are using a very old app. I'd recommend starting with our latest version, 5.2.1. If you still have issues please open a support case with Tenable https://support.tenable.com/
... View more
03-02-2020
02:59 PM
Never seen this before. Sounds like a perms issue in splunk. I'd recommend making sure you are an admin and if you're still having issue, then open a support case with Tenable.
... View more
02-11-2020
10:25 AM
1 Karma
If you are running on windows you may have to try a few times. We've found this to be extremely slow even on a clean install. Please feel free to open a support case with Tenable to help trackdown and resolve this.
... View more
02-10-2020
05:33 PM
Please open a case with support.tenable.com and we can help track this down.
... View more
11-07-2019
10:00 AM
Please open a support case with support@tenable.com or through support.tenable.com portal. Please include examples of the specific data that is missing so we can help track this down.
... View more
09-17-2019
10:35 PM
There are a couple different ways you could do this.
- You could update your splunk search to convert these in real-time.
- You could customize the saved search to convert the timestamp from epoch to string prior to storing it in the lookup table. NOTE: T.sc and T.io provide different timestamp formats or the same values, so if you are using both you will need to take that into consideration with this option.
... View more
09-11-2019
12:18 PM
2 Karma
Im not sure why you box says "Nessus (SC)" but that is not Tenable.sc it is Nessus. The Tenable Add-On for Splunk only supports Tenable.sc and Tenable.io. You will need to connect it to one of these platforms, rather than directly to nessus. You can find more information on Tenable.sc here
... View more
06-25-2019
11:19 AM
Everything should work out of the box. If you are seeing inconsistencies please create a support case with Tenable and we can help resolve.
... View more
06-19-2019
02:28 PM
Please submit a support ticket to us with a copy of your full log so we can help identify what is going on.
... View more
05-02-2019
07:50 PM
At this time we do not support or have plans to support Nessus, Nessus Manager, or Nessus Agents. Today the Tenable developed apps are built to support our enterprise platforms Tenable.sc and Tenable.io. If you'd like to see this feature added please work with your support rep to submit a feature request for future consideration.
... View more
04-11-2019
12:25 PM
By default the Tenable Add-on for Splunk will pull ALL data the user we are configured to connect with has access to in Tenable.sc. There are obviously options on the Input for Tenable.sc that could limit this data a bit, but if you arent using/setting these it will pull everything. When you are comparing what you see in T.sc to what is in Splunk we recommend the following:
In T.sc login as the user configured for Splunk to use to pull data and go to the analysis ->vulnerabilities page and select the Vulnerability Detail List View. In the upper right-hand corner should be the total number of vulnerabilities you should see in Splunk.
In Splunk search against the index you have configured for your input for sourcetype="tenable:sc:vulns" | dedup ip, pluginID, port, protocol |search state!=fixed with a search window of All Time.
The way the current app stores data limits how much data we store drastically, but requires searches to be for all time as vulnerabilities are only indexed once based on their firstSeen time and never updated until their state changes.
Our V2 app that went EA yesterday changes all of this drastically so you may want to chat with your Tenable PoC about what is in the next version and all the changes it will provide.
... View more
02-26-2019
09:15 AM
Not today, but the next version will; v2.
... View more
02-14-2019
08:50 PM
The way the data is stored today you need to run your search against "all time".
... View more
02-14-2019
03:05 PM
The new version will be 2.x.x. it depends on view but unique assets in t.sc are unique based on ip, repository.id so you could use that in a splunk search and dedupe.
... View more
02-12-2019
08:15 PM
Please create a support ticket with tenable so we can help track down the issue. The only other thing i would recommend is expanding you search window as we index/store all vuln data based on first seen date so searching is a bit different than if we duplicated all data daily.
... View more
02-10-2019
07:23 PM
vulns/export is very much still used across all of our integrations. This api only returns a uuid that we use to check the status of the data to be pulled and finally we use a chunks endpoint to pull the actual results we get. This log shows that the request returned a 200 so it is working as expected.
... View more
01-09-2019
01:53 PM
The goal is to have the new app out by end of Q1 2019. Unfortunately the way that we need to pull data from SC doesnt lend itself to be correlated back to scans, because it is the collapsed view of all vulnerabilities found across all scans for every asset. The lastSeen date in the new app will be the last time that that vuln was found on that host during a scan. This will be the closest you can get to a scan date.
... View more
01-09-2019
08:48 AM
When we rebuilt the app we specifically dropped scan information. We now pull all data using the analysis api with the vulnerability detail list view (this is the same as the UI view). This allowed us to keep data storage way down and lighten the load put on SC for large deployments. We then index all data using the firstSeen time as the event time to create an event when the "state" (open/reopened/fixed) changes. While this works well today there are a few types of reporting that aren difficult or not possible. We are in the process of update the app to start updating the lastSeen time so that this can be used for reporting. Once this is implemented it will allow you to do similar reporting to last scan time you were doing before with all the other benefits of the new app.
... View more
