- Splunk Answers
- :
- Splunk Premium Solutions
- :
- Security Premium Solutions
- :
- Splunk Enterprise Security
- :
- Re: What's your favorite vuln scanner to use with ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What's your favorite vuln scanner to use with Splunk?
All,
What's your favorite Vulnerability scanner to use with Splunk? That is what have you seen generate the best logs and metrics for Splunk data models and CIM?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
With all due respect to the poster stating that vuln scan data is "state data" and should remain resident outside of Splunk, that response is very short sided and under-appreciates why one would want the data there.
Tenable products work well for vuln scanning, but they're less awesome for policy-based scans. Qualys has a better policy scanner, but it too has issues if you want to import into Splunk. If you're looking for a cost-effective for more simplistic data processing environments (ie 1 data center), and can roll your own reporting, Nessus Pro is a great solution.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, If you want a commercial product Nessus is so good, but if you want a free Vuln scanner, you can use OpenVAS, it's has an App for Splunk but it's not released on splunkbase and it is accessible from OpenVAS website (google for it!) and also you can send OpenVAS scan results with syslog to Splunk and parse it manually.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi! Can you add link to OpenVAS App for Splunk? (yes, google delete :C)
Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, you can find it at Tools section in doc subdomain of greenbone website.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @daniel333,
if you're speaking about a probe like Nessus, we usually use Tenable Nessus and SecurityCenter integrated with Splunk and we have good results from the App in appbase ( https://splunkbase.splunk.com/app/4061/ ) and creating our own searches.
Ciao.
Giuseppe
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
None, vuln data is state and belongs in a database. Trying to turn Splunk into a vuln management tool when it is based on time series events leads to pain. The best compromise is run reports of key vulns and send only that to Splunk for alerting and correlation. Just don’t try to feed everything in.
Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!
They're back! Join the SplunkTrust and MVP at .conf24
Enterprise Security Content Update (ESCU) | New Releases
