TOC & Recently Viewed

Recently Viewed Topics

Create Input

After you complete the configuration for your Tenable Add-On for Splunk, you must create the input.

Steps

  1. In the Splunk interface, click the Inputs tab.

  2. Click the Create New Input button.

    A drop down appears.

  3. Select the appropriate Tenable application.

    The selected Tenable application input options open in a new window.

  4. Enter the necessary information for each field. The field descriptions are described below.

    Note: If you don't use the default index, you have to update the Tenable Macro.

    Tenable.io

    Input Parameters Description
    Name (Required) The unique name for each Tenable Tenable.sc data input.
    Interval (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds).
    Index (Required) Select the index to store Tenable.io data in.
    Global Account (Required) The Tenable account from which data is acquired.
    Start Time The date and time to start collecting data from. If you leave this field blank, all historical data will be collected. (Enter in this format - YYYY-MM-DD hh:mm:ss.)
    Lowest Severity Score (Required) The lowest level of severity that will be stored.
    Historical Fixed Vulnerability Select if you want to import old, fixed vulnerabilities.
    Tags Add tags filter in the JSON format.

    Tenable.sc Vulnerability

    Input Parameters Description
    Name (Required) The unique name for each Tenable Tenable.sc data input.
    Interval (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds).
    Index (Required) Select the index to store Tenable.sc data in.
    Global Account (Required) The Tenable account from which data is acquired.
    Start Time The date and time to start collecting data from. If you leave this field blank, all historical data will be collected. (Enter in this format - YYYY-MM-DD hh:mm:ss.)
    Sync Plugin Details If selected, plugin details are included.
    Historical Fixed Vulnerability Select if you want to import old, fixed vulnerabilities.
    Query Name Enter a name for Tenable.sc vulnerability filter.

    Tenable.sc Mobile

    Input Parameters Description
    Name (Required) The unique name for each Tenable Tenable.sc data input.
    Interval (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds).
    Index (Required) Select the index to store Tenable.sc data in.
    Global Account (Required) The Tenable account from which data is acquired.
    Start Time The date and time to start collecting data from. If you leave this field blank, all historical data will be collected. (Enter in this format - YYYY-MM-DD hh:mm:ss.)
    Historical Fixed Vulnerability Select if you want to import old, fixed vulnerabilities.
    Query Name Enter a name for Tenable.sc vulnerability filter.
  5. Click Add to create the input.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.