cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
sdemoss
Explorer
Member since: ‎01-30-2013
‎09-04-2020
Community Statistics
Posts 4
Solutions 1
Karma Given 4
Karma Received 6
Member Since ‎01-30-2013
Activity Feed
View All

Re: Unable to Add Tenable.io Account in Tenable Ad...

by in All Apps and Add-ons
‎05-16-2019 01:58 PM
3 Karma
‎05-16-2019 01:58 PM
3 Karma
I was able to solve my own problem with some additional digging. It turns out that the README directory that ships with the TA includes sample configuration files, one of which is called ta_tenable_account.conf. Of course I only found this file after reviewing the various python files in the app's bin directory and extracting the configuration settings it was leveraging 🙂 Upon manually creating an account stanza in this file and restarting Splunk, my account was recognized/registered and I could successfully create an input and index data. I did not further troubleshoot the issue with TA's web UI for creating an account. To summarize, if you are receiving this error, do the following as a suitable workaround: 1. Copy the $SPLUNK_HOME/etc/apps/TA-tenable/README/ta_tenable_account.conf.spec file to the TA's local directory 2. Rename the file to remove the ".spec" suffix from the filename 3. Edit the file accordingly. A sample, valid configuration file looks like this: [myTenableIOAccountName] tenable_account_type = tenable_io address = cloud.tenable.com verify_ssl = 0 access_key = pasteYourApiAccessKeyHere secret_key = pasteYourApiSecretKeyHere Restart Splunk, open the Tenable TA and Create a Tenable.io input and you should be off and running. ... View more

Unable to Add Tenable.io Account in Tenable Add-on...

by in All Apps and Add-ons
‎05-15-2019 03:38 PM
‎05-15-2019 03:38 PM
We have installed the Tenable Add-on for Splunk to our HF as prescribed by the TA documentation. The necessary account on the Teanble side has been created and the API key pieces successfully generated. We have been able to validate this API key using various curl commands as well as testing the API endpoints through developer.tenable.com. However, when we attempt to configure the Tenable.io account inside of this TA, we are consistently given the "Please enter valid Address or configure valid proxy settings or verify SSL certificate." error message. There is no proxy in use here (again, the programatic API calls from the CLI all return valid results for various endpoints). Has anyone else encountered and successfully resolved this issue? My gut tells me that if I could successfully create a valid config file (ta_tenable_settings.conf?) that stores the API keys and account details (typically populated by the Web UI for the add-on), that this would all work just fine. However, I do not have an example of a valid configuration file that stores the details of the Tenable.io account. Thanks in advance! ... View more

Re: Has anyone successfully extracted Cisco Prime ...

by in All Apps and Add-ons
‎06-23-2017 09:02 AM
‎06-23-2017 09:02 AM
The answer is, it kind of depends. In our experience, it mostly was making a single API call to the reporting endpoint of interest as most of these have an 'entity detail' view where it will give you one result per entity with all of its respective details. For example, "AP Details" (/webacs/api/v1/data/AccessPointDetails) returns one result per endpoint with a TON of details about the specific Access Point. I would encourage you to simply login to Prime and enter some of the REST URL's in a browser. You can specify either XML or JSON format for results and it lets you quickly and easily check what data gets returned. We ended up doing some "pre-processing" of the results before indexing it into Splunk to optimize license consumption. ... View more

Re: Has anyone successfully extracted Cisco Prime ...

by in All Apps and Add-ons
‎05-15-2017 12:06 PM
3 Karma
‎05-15-2017 12:06 PM
3 Karma
mikev, I completed a fairly large project aimed at onboarding Cisco Prime data into Splunk. There are a few options we discovered (some a lot better than others) and a few lessons we learned along the way, mostly related to the nature of the data that Cisco Prime sends out of the system. For example, one of the syslog-style feeds (maybe the only one) is for this normalized data type that Prime maintains called "Events" which as near as I could tell, were a combination of Prime alarms/alerts, regular syslog messages, and certain SNMP traps. The focus of our project was mostly related to Cisco Wireless telementry to instrument performance, availability, fault tolerance, and end user experience/activity. In the end, we leveraged the Cisco Prime API, which I strongly encourage you to do as well (for at least part of your solution). The API allows quite a bit more flexibility and control on what you retrieve in addition to allowing for the opportunity to transform the output using a Splunk scripted input prior to indexing. This can be good for search optimization and/or controlling license consumption. The data format comes back as XML by default, but you can optionally request results in JSON. This link is for the Cisco Prime API reference doc - just use the version that matches your Prime installation. https://developer.cisco.com/site/prime-infrastructure/documents/api-reference/rest-api-v3-1/# ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎09-04-2020 11:09 PM
Karma from
Karma given to
View All