Yes, I understand your frustration. Back in April 2019, I took a serious look at the Splunk Addon for Tenable versus the Tenable Addon for Splunk. I ran both of these connectors side by side, bringing data into two separate indexes in text, and did a full review of the trade-offs for each of the connectors. Splunk ended up getting me a variant of the first connector they helped develop for another government customer. This other variant of the connector will allow for spath of the scan name. I do rex on the scan name to bring out FISMA system ID numbers, among checks for other things. This is focused such to export the individual scans, but is written in such a way that they can bring back 3 other important fields (accept_risk, recast_risk, has_been_mitigated). This connector is far more effective as it allows passing information from plugins you don't get that are infrequent to change and that you need to be passed and current to track OS, serial_number, barcode, make, model, os_build, and other important info you may need to track. I had a meeting with Tenable Wednesday and brought this up again. I said I would check their newer connector and retest, as it was a year since I looked at it, but just reading based on the notes, they have not changed to suit our needs. Better off hitting up your Splunk reps; if you need to know who mine is, let me know.