Solved: Re: How to import Nessus reports and see results

evang_26 · ‎05-29-2014

Hello users,

I recently installed Splunk add-on for Nessus hoping that it would be easy to somehow upload reports (even automatically) to compare results etc.

However, it seems that I cannot find how to do it.

Could you please help me a bit?

Kind regards,
Evangelos

jcoates_splunk · ‎03-14-2015

digging this one out of the archives...

configure nessus or tenable security center to export xml reports into a spool directory
point the add-on for nessus at this directory. It will parse the reports into splunk-friendly data.
you may also want to configure the directory where the add-on for nessus will output the data, default is a local Splunk's input spool.

View solution in original post

lvsteche · ‎03-26-2015

With the default settings, the Nessus report files must be placed in the $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/spool directory. The report files must be exported to the "dot nessus" XML format and have a file extension of .nessus.

jcoates_splunk · ‎03-14-2015

digging this one out of the archives...

configure nessus or tenable security center to export xml reports into a spool directory
point the add-on for nessus at this directory. It will parse the reports into splunk-friendly data.
you may also want to configure the directory where the add-on for nessus will output the data, default is a local Splunk's input spool.

bachube · ‎06-27-2014

You need to use a forwarder.

evang_26 · ‎06-02-2014

So, none of you have any clue regarding this question?

Regards,
Evangelos

How to import Nessus reports and see results

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024