I have recently set up a virtual environment on a development machine. It is not meant for production, just testing. The machines are virtualized through VirtualBox. Splunk is on the Windows host, and Security Center is installed in a fresh CentOS installation with the firewall and SELinux disabled. The SSL cert is the default one. The machines can see each other on the network at the following IPs:
10.0.0.10 - Splunk (7.0.2)
10.0.0.20 - Security Center (5.7.1)
I have installed the Splunk Add-on for Tenable. After searching tenable:sc:log, I am getting an error each time it tries to pull vulnerability data:
2018-11-21 20:22:10,740 +0000 log_level=ERROR, pid=30732, tid=Thread-4, file=ta_tenable_sc_data_collector.py, func_name=_do_job_one_time, code_line_no=67 | [stanza_name="Test SC Server" data="sc_vulnerability" server="Test SC Server"] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verification failed. The certificate validation is enabled. You may need to check the certificate and refer to the documentation and add it to the trust list.
I have searched many posts here and have found varying solutions. I have also looked at the troubleshooting guide. Here is what I have tried:
Tried adding disable_ssl_certificate_validation = 1 to the following files based on others' suggestions:
etc\apps\search\local\inputs.conf
etc\apps\Splunk_TA_nessus\local\nessus.conf
etc\apps\Splunk_TA_nessus\local\inputs.conf
Also navigated to Security Center, exported the .cer/.pem file, and appended it to:
etc\apps\Splunk_TA_nessus\bin\splunktalib\httplib2\cacerts.txt
Tried ensuring that Windows firewall is allowing inbound communication on port 8089, as per someone's comment on a post.
No matter what I seem to try, I am always told that certificate validation is enabled, and that the verification has failed. Any help would be great.
Thanks
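Appending an exported certificate to a PEM bundle such as cacerts.txt goes wrong in two common ways: the export is binary DER rather than PEM, or the bundle had no trailing newline, so the delimiter lines run together. The check below is an added example, not part of the original post or the add-on's code; the function names and sample byte strings are constructed, and it says nothing about which trust store the add-on actually reads.

```python
import base64
import ssl

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def cert_to_der(data: bytes) -> bytes:
    """Normalise an exported certificate (.cer may be PEM text or raw DER)."""
    if BEGIN.encode() in data:
        return ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    return data  # assumption: anything without a PEM header is binary DER

def check_bundle(bundle_text: str, cert_der: bytes):
    """Return (found, problems): is cert_der a well-formed block in the bundle?"""
    found, problems, body = False, [], None
    for n, line in enumerate(bundle_text.splitlines(), 1):
        s = line.strip()
        if s == BEGIN:
            if body is not None:
                problems.append(f"line {n}: BEGIN inside an open block")
            body = []
        elif s == END:
            if body is None:
                problems.append(f"line {n}: END without BEGIN")
            else:
                try:
                    der = base64.b64decode("".join(body), validate=True)
                    found = found or der == cert_der
                except ValueError:  # binascii.Error subclasses ValueError
                    problems.append(f"line {n}: block is not valid base64")
            body = None
        elif BEGIN in s or END in s:
            problems.append(f"line {n}: delimiter fused with other text")
            body = None
        elif body is not None:
            body.append(s)
    if body is not None:
        problems.append("unterminated block at end of file")
    return found, problems

# Constructed placeholder bytes standing in for DER certificates (not real certs).
CA_DER = b"\x30\x82" + b"A" * 100
SC_DER = b"\x30\x82" + b"S" * 100
GOOD_BUNDLE = ssl.DER_cert_to_PEM_cert(CA_DER) + ssl.DER_cert_to_PEM_cert(SC_DER)
# Bundle without a trailing newline before the append: END and BEGIN share a line.
FUSED_BUNDLE = ssl.DER_cert_to_PEM_cert(CA_DER).rstrip("\n") + ssl.DER_cert_to_PEM_cert(SC_DER)

if __name__ == "__main__":
    print(check_bundle(GOOD_BUNDLE, SC_DER))
    print(check_bundle(FUSED_BUNDLE, SC_DER))
```

To use it on real files, pass the exported file's bytes through `cert_to_der` and the bundle's text to `check_bundle`.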