The app says it would not need any configuration, however, upon loading the app, it returns no results in any of the multiple fields.
I am pulling vulnerability information from a Nessus scanner via the Splunk Universal Forwarder and the raw data is searchable in the "Search & Reporting" App.
Hi Matt. Are you using our addon for Nessus, or another app for pulling data out of your Nessus scanner? Additionally, what version of Nessus is your scanner running?
i am getting "Search produced no results", but when I modify the search string for "Number of hosts with scan results reported" to tag=vulnerability | stats distinct_count(dest)
it worked and gave me results.
Similarly, for "Top 10 Reporting Hosts with Vulnerabilities" I modified the search string to tag=vulnerability severity=* NOT severity=informational | chart count over dest by severity | sort -count limit=10 | rename low as Low, medium as Medium, high as High, critical as Critical
Can anyone tell me what are these reports (drop-down menu)?
Are plugin_id and report_id the same?
I'm facing lookup errors as well:
Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'nessus_vuln' and lookup table 'nessus_plugin_lookup'.
The lookup table 'qualys_qid_lookup' does not exist. It is referenced by configuration 'qualys_vuln'.
It looks like you might need to remove the Splunk_TA_nessus from your $SPLUNK_HOME/etc/apps and stick with TA-nessus if you are going to use the Hurricane Labs add on
any updates ??
No, nothing as of yet
Apologies, but I am still looking into this. I've found some unrelated bugs with the Nessus app but have been unable to recreate this one so far.
Hi. I'm using the Splunk Add on for Nessus to pull the data in. The version of Nessus being run is 6.5.3 on a Linux platform.