Before you begin:
- Complete the Upgrade from App v1 to v3 from Splunk v1to Splunk v3.
You must have sufficient permissions to integrate with Tenable.io or Tenable.sc.
The Security Manager role is required for Tenable.sc. (See the Tenable.sc User Guide for information about user role configuration.)
- The Admin role is required for Tenable.io. (See the Tenable.io user guide for information about user role configuration.)
Note: See the Splunk Environments section for additional information about the different types of Splunk deployments and their requirements.
Note: If you install the Tenable App for Splunk on the search head, you must also install the Tenable Add-on.
To install via the Splunk UI:
- Log in to Splunk.
Go to Apps at the top of the screen. Click Manage App.
Click Install app from file.
Next, choose the SPL file to install.
- Click upload.
Note: You must restart Splunk after installing the Tenable App or Tenable Add-On.
Note: Next, configure the Tenable application.