Hi There
This is my first ever forum question / post so please let me know if there is any further information I may need to provide in order to help with resolving my issue.
Issue
I have been going round in circles trying to connect my Nessus Professional instance with Splunk Enterprise and the Enterprise Security application via the Splunk Add-on for Nessus to send scan data periodically. However, the index I created for Nessus data to populate is not being populated and remains empty. I have checked the logs in index=_internal sourcetype=ta:nessus:log (shown below), and it appears to not be able to connect to the default - https://xxx.xxx.xxx.xxx:8834/scans.
Background
Setup: Splunk is sitting in a server farm on network 1, subnet A*; Nessus is sitting in a server farm on network 1, subnet B*; my client machine is sitting in the client area on network 1, subnet C*. I have left the Nessus settings as default, i.e. specifically listening on port 8834. I have generated API keys on the Nessus device and have configured the Splunk Add-on for Nessus with the address of the Nessus device and the API keys.
Troubleshooting: I have tested telnet from my client machine to the Nessus device on port 8834, and netstat on the Nessus device shows a socket successfully created as socket clientMachine:ephemeralPort / xxx.xxx.xxx.xxx:xxxxxx. Telnet cannot be run from the Splunk Enterprise instance; however, when I test cURL from Splunk Enterprise to Nessus I am not getting any downloads.
(for example)*
The point where it constantly fails is shown below in the log output from index=_internal sourcetype=ta:nessus:log -
2016-08-03 10:52:33,246 ERROR pid=2780 tid=MainThread file=nessus_rest_client.py:request:91 | Failed to connect https://xxx.xxx.xxx.xxx:8834/scans, reason=Traceback (most recent call last):
File "D:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\bin\nessus_rest_client.py", line 79, in request
headers=headers)
File "D:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1593, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "D:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1335, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "D:\Program Files\Splunk\etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\__init__.py", line 1291, in _conn_request
response = conn.getresponse()
File "D:\Program Files\Splunk\Python-2.7\Lib\httplib.py", line 1123, in getresponse
raise ResponseNotReady()
ResponseNotReady
Any help is much appreciated, thanks.