All Apps and Add-ons

Unable to create inputs for TA-Tenable add on

Navanitha
Path Finder

Hi,

I am trying to set up inputs on TA-Tenable add on and it fails with error "Argument validation for scheme=tenable_securitycenter: script running failed (killed by signal 9: Killed).". I installed "Tenable add-on for Splunk" version 3.1.0 on one of our heavy forwarder.

Anyone have any suggestions what could be wrong here?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

try creating account and inputs from cli:

$SPLUNK_HOME/TA-tenable/local/ta_tenable_account.conf

[credentials]
address = tenable.comp.com
proxy_enabled = 0
tenable_account_type = tenable_securitycenter_api_keys
tenable_sc_access_key = <access_key>
tenable_sc_secret_key = <secret_key>
verify_ssl = 0

 

$SPLUNK_HOME/TA-tenable/local/inputs.conf

[tenable_securitycenter://Tenable_SC_Vulnerability]
fixed_vulnerability = 1
global_account = credentials
index = <your_index_name>
interval = 86400
start_time = 2022-01-03T00:00:00Z
sync_plugins = 1
disabled = 0
max_event_size = 67108864
page_size = 1000

Note: don't forget to change access_key,secret_key and your_index_name 

————————————
If this helps, give a like below.
0 Karma

daymauler
Explorer

This issue is usually due to latency issue with the network or HF. The workaround is to manually add the inputs by configuring the inputs.conf,  passwords.conf, ta_tenable_account.conf and the ta_tenable_settings.conf files. The password will be hashed after Splunk is restarted.

0 Karma

nkeuning
Communicator

If you are running on windows you may have to try a few times. We've found this to be extremely slow even on a clean install. Please feel free to open a support case with Tenable to help trackdown and resolve this.

Navanitha
Path Finder

I am running this on a Linux box 😞

0 Karma

robert_miller
Path Finder

Did you figure out the culprit, or how to increase the timeout?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...