Configure Tenable Plugin for Mission Control
Before You Begin
-
Install and configure the following on Splunk Enterprise (version 8 or higher)
-
Tenable Add-On for Splunk (TA-tenable)provides all data collection and normalization functionality.
-
Tenable App for Splunk (TenableAppforSplunk) provides a dashboard to view the Tenable data in Splunk.
-
Splunk Enterprise Security 6.2.0
-
Splunk Connect for Mission Control 1.6.1
-
-
Access Splunk Mission Control:
-
Ensure you have access to a Splunk Mission Control tenant. If you do not have a tenant set up, contact your Splunk representative.
-
Configuration
To configure Tenable Plugin for Mission Control:
-
Confirm that you have an active connection in Splunk Connect for Mission Control.
-
In Mission Control, click on the ellipsis icon on the top right corner.
-
From the drop-down menu, navigate to Admin Settings > Product Settings > Splunk Connect for Mission Control.
-
Confirm that the connection status shows Active.Log in and navigate to the Mission Control Home page.
-
-
In the upper-right corner, click the ellipses icon on the top right corner. A drop-down menu appears.
-
From the drop-down menu, navigate to Product Settings > Splunk Connect for Mission Control. Select the instance configured with Mission Control. Save the deployment ID for future use. This deployment ID is used as a default instance while populating the Tenable Vulnerability Center dashboard.
-
Navigate to Product Settings > Plugin. If you do not see the Plugin page, contact your Splunk representative.
-
Select Tenable Plugin for Mission Control. The setup page appears.
-
Enable the Tenable Plugin for Mission Control by clicking the toggle.
-
In the Default Connection ID box, enter the deployment ID that you previously took note of.
-
If you see, the message Subscription Successful - you have enabled the plugin. You will be able to see Tenable Vulnerability Center Dashboard under Managed Dashboards sections in Dashboards drop-down.
-
Configure your notable events label to enable integration between the Tenable Plugin and Mission Control. The notable events label mcef_tenable_plugin_for_mission_control must be applied for the integration to work.
-
In the Splunk Connect for Mission Control application, navigate to Settings > Searches, reports, and alerts on Cloud/on-premise instance.
-
To filter the list, in the Owner drop-down box, select All.
-
To configure the saved searches to forward notables with specific label values of plugin Id, in the Mission Control - Forward Notable Events box enter the label mcef_tenable_plugin_for_mission_control.
-
Click Save. Splunk Mission Control is configured to forward notable events with this label to the Tenable Plugin for Mission Control dashboard.
-
Troubleshooting
If you are experiencing problems with setup or data retrieval with Tenable Plugin for Mission Control, refer to Troubleshooting.