All Apps and Add-ons

Splunk Add-on for Tenable: How to troubleshoot why I am not getting any search results for sourcetype=nessus:plugin?

himapate
Explorer

Hi ,

I am not able to get the Nessus scan data ( Only informational Events ), whereas the Nessus result has medium and high count.
Also, when I search for sourcetype=nessus:plugin, there is no result popping up.

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi himapate,

Are you sure you have collected data of the nessus:plugin sourcetype? The add-on supports four nessus/tennable source types; make sure you are using the right source type.

Thanks!

0 Karma

himapate
Explorer

Yes i am collecting for the nessus sourcetype below is the stanza for the same in inputs.conf

[nessus://NessusPlugin]
metric = nessus_plugin
interval = 84600
url = https://:8834
access_key = 
secret_key =
start_date = 2016/01/01
page_size = 1000
index = nessus
batch_size = 0
start_by_shell = false
0 Karma

himapate
Explorer

Managed to get all the scan data but plugin issue remains the same

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...