I am trying to pull logs from Nessus Professional installed on ec2 instance into Splunk. I installed Tenable Add-on for Splunk and Tenable App for Splunk. I am trying to configure Account within Tenable Add-on for Splunk. I am using Splunk 7.3.5. In the Add Account form, I see Tenable.io, Tenable.sc credentials, and Tenable.sc certificate inTenable Account Type drop down list. I chose Tenable.sc credentials based on some documentation found online. Is it correct selection? Also, within Address, I chose ip address of Nessus Professional in the format of 10.20.30.40 format. I did not mention any port such as 8834. I unselected 'Verify SSL Support' checkbox. I provided the username and password of service account created with Nessus Professional. There is no proxy. So I unchecked 'Proxy Enable' checkbox. When I saved, I am getting exception to check IP Address, Username and Password. I tried Tenable.io Account Type, just for curiosity, even though it is incorrect. I provided the access key ID and Secret Access Key for the user created in Nessus Professional within 'Add Account' form for Tenable.io Type. I am still getting same exception. Can you please let me know what I am doing wrong. What all ports do I need to open for communication between my machine with Splunk browser and Nessus Professional machine? Also, what prirvileges should the Nessus Professional user need to have? Also, is there a better way to feed Nessus Professional logs into Splunk?
Thanks a lot for your help
... View more