All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Vulnerabilities number in splunk not matching vulnerabilities in Tenable for same ip(Machine)

AFerns08
Engager
‎02-09-2020 02:20 PM

Hi,
we just ran a scan on a network and found some vulnerabilities in tenable for one particular machine(ipv4).

lets say 10 vulnerabilities were discovered on the tenable app but when i was checking splunk, i could only see 8 vulnerabilities in splunk. 2 events(vulnerabilities) were missing in splunk for the same machine.

We have the Tenable App for Splunk installed on our splunk search head.
Is this a truncation issue? below are the config from transforms.conf
[tenable:nnm:vuln]
DATETIME_CONFIG = CURRENT
EVAL-vendor_product = "Tenable xxx"
EVAL-product = "xxx"
EVAL-vendor = "Tenable"
TRUNCATE = 68000000
SHOULD_LINEMERGE = 0

0 Karma
Reply

nkeuning
Communicator
‎02-10-2020 05:33 PM

Please open a case with support.tenable.com and we can help track this down.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...