Re: Tenable add-on stops after token delete

a_naoum · ‎12-18-2018

I have notice that from time to time the add-on stops collecting events for no visible reason (at least from the logs)
So I enable the debug mode in the logs to see if there is some more valuable information. I notice that since 1am we don't have any events, logs are empty as well.

Last recorded message in the tenable logs (ta_tenable_tenable_securitycenter.log) is:

DEBUG pid=30151 tid=MainThread file=connectionpool.py:_make_request:400 | https://xx.xxx.xx.xxx:443 "DELETE /rest/token HTTP/1.1" 200 100

Any idea for the reason?

nkeuning · ‎12-18-2018

Every time we login we create a session. This call happens every time we are done with the api to delete our session.

nkeuning · ‎12-19-2018

It is hard to say without much more detail. Can you please open a case with support.tenable.com and include the following:

Latest full log from the add-on
Splunk Version
Tenable Add-on Version
Splunk OS
Is the add-on running from a Heavy forwarder?
Tenable.sc version
List item

Please reference this conversation when open the ticket so they can route it accordingly

P.S.
Given the way the add-on pulls/stores data there is a good chance there were not updates for us to pull for many days even if you scanned something.

a_naoum · ‎12-18-2018

ok, sound logical but why is not create a new session rather stay dead until I do debug/refresh? It is the second day without events.

Tenable add-on stops after token delete

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...