I have never been able to get the TenableSC Modular Input to work. I get the following error:
<error><message>Error Querying Security Center: Error performing vuln::query::vulndetails : No JSON object could be decoded</message></error>
Because this error is occurring when running the query, the JSON for authenticating and getting a token work. The actual JSON which errors out looks like this
{'request_id': '1', 'action': 'query', 'module': 'vuln', 'token': 123456789, 'input': '{"sourceType": "cumulative", "tool": "vulndetails", "startOffset": "0", "endOffset": "54321"}'}
The only problem with the JSON I can see is the use of ' instead of ". However, I cannot explain why the double-quotes are being replaced with single-quotes.
Has anyone been able to get this modular input to work or found another way to import Tenable Security Center data into Splunk?
... View more