Components

The Tenable Add-on has specific purposes for each Splunk component. The available components are in the following list:

Heavy Forwarder

The Heavy Forwarder collects and forwards data for all events.

Note: Configure inputs to run from the heavy forwarder.

Note: Enable the key value store (KV) on the heavy forwarder.

Search Head

The Search Head allows full functionality of the Tenable Add-on adaptive response actions.

Note: Configure the Search Head with the same configuration details you have on the Heavy Forwarder for the adaptive response actions to work correctly.

Note: If you install the Tenable App for Splunk on the search head, you must also install the Tenable Add-on.