Solved: How to import Nessus reports and see results

evang_26 · ‎05-29-2014

Hello users,

I recently installed Splunk add-on for Nessus hoping that it would be easy to somehow upload reports (even automatically) to compare results etc.

However, it seems that I cannot find how to do it.

Could you please help me a bit?

Kind regards,
Evangelos

jcoates_splunk · ‎03-14-2015

digging this one out of the archives...

configure nessus or tenable security center to export xml reports into a spool directory
point the add-on for nessus at this directory. It will parse the reports into splunk-friendly data.
you may also want to configure the directory where the add-on for nessus will output the data, default is a local Splunk's input spool.

View solution in original post

lvsteche · ‎03-26-2015

With the default settings, the Nessus report files must be placed in the $SPLUNK_HOME/etc/apps/Splunk_TA_nessus/spool directory. The report files must be exported to the "dot nessus" XML format and have a file extension of .nessus.

jcoates_splunk · ‎03-14-2015

digging this one out of the archives...

configure nessus or tenable security center to export xml reports into a spool directory
point the add-on for nessus at this directory. It will parse the reports into splunk-friendly data.
you may also want to configure the directory where the add-on for nessus will output the data, default is a local Splunk's input spool.

bachube · ‎06-27-2014

You need to use a forwarder.

evang_26 · ‎06-02-2014

So, none of you have any clue regarding this question?

Regards,
Evangelos

How to import Nessus reports and see results

Get ready to show some Splunk Certification swagger at .conf24!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...