Configure Tenable.sc Certificates
To set up the Tenable Add-on for Splunk:
- Log in to your data collection node.
- In the left navigation bar, click Tenable Add-on for Splunk.
- Click the Configuration tab.
- Click the Add button.
  The Add Account window appears.
- In the Tenable Account Type box, select Tenable.sc Certificates.
- Enter the necessary information for each field. The following table describes the available options.
Note: The certificates you upload and configure must be associated with a specific user in Tenable.sc.
| Input Parameters | Description |
| --- | --- |
| Account Name | (Required) The unique name for each Tenable.sc data input. |
| Tenable Account Type | (Required) The type of Tenable account - Tenable.io, Tenable.sc API Keys, or Tenable.sc Certificate. |
| Address | (Required) The hostname or IP address for Tenable.sc. |
| Verify SSL Certificate | If enabled, Splunk verifies the SSL Certificate in Tenable.sc. |
| Certificate Filename | The name of the certificate that you uploaded to $SPLUNK_HOME/etc/apps/TA-tenable/certs/. |
| Key Filename | The name of the key that you uploaded to $SPLUNK_HOME/etc/apps/TA-tenable/certs/. |
| Key Password | The password for the key file you uploaded. |
| Proxy Enable | Enables the plugin to collect Tenable.sc data via a proxy server. If you select this option, the plug-in prompts you to enter the following: |
- Proxy Type - the type of proxy used.
- Proxy Host - the hostname or IP address of the proxy server.
- Proxy Port - the port number of the proxy server.
- Proxy Username - the username for an account that has permissions to access and use the proxy server.
- Proxy Password - the password associated with the username you provided.
- Click Add to complete the configuration.
Install certificate authority:
Run the following command to make a backup of the cacert.pem file.
# cp $SPLUNK_HOME/etc/apps/TA-tenable/bin/ta_tenable/certifi/cacert.pem /tmp/cacert.pem
Run the following command to append the PEM-encoded root certificate authority that signed the Tenable.sc SSL certificate to the cacert.pem.
# cat <path_to_root_ca.pem> >> $SPLUNK_HOME/etc/apps/TA-tenable/bin/ta_tenable/certifi/cacert.pem
Run the following command to restart Splunk.
# /opt/splunk/bin/splunk restart
After the restart, Splunk trusts the self-signed certificate in your configuration.
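The backup and append steps above as one re-runnable shell function, added here as an example (not Tenable's or Splunk's code). The name append_ca, its exit codes and the one-certificate-only check are assumptions of this example; the default backup path is the one used above.

```shell
#!/bin/sh
# append_ca BUNDLE CA_PEM [BACKUP]   (hypothetical helper, not shipped with the add-on)
# Returns 0 = appended, 1 = already trusted (bundle untouched), 2 = input rejected.
# Typical call, followed by the Splunk restart:
#   append_ca "$SPLUNK_HOME/etc/apps/TA-tenable/bin/ta_tenable/certifi/cacert.pem" <path_to_root_ca.pem>
append_ca() {
    bundle=$1; ca=$2; backup=${3:-/tmp/cacert.pem}
    if [ ! -f "$bundle" ] || [ ! -f "$ca" ]; then
        echo "append_ca: bundle or CA file not found" >&2; return 2
    fi

    # Accept exactly one PEM certificate and no key material (this example's
    # policy): a DER file or a private key does not belong in the trust store.
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$ca" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$ca" || true)
    if [ "$begins" -ne 1 ] || [ "$ends" -ne 1 ] || grep -q 'PRIVATE KEY' "$ca"; then
        echo "append_ca: $ca must hold one PEM certificate and no key" >&2
        return 2
    fi

    # Compare with line breaks removed so a re-run (or a re-wrapped copy of
    # the same certificate) does not add a duplicate entry.
    body=$(sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$ca" | tr -d ' \r\n')
    if tr -d ' \r\n' < "$bundle" | grep -qF -e "$body"; then
        return 1
    fi

    cp -p "$bundle" "$backup" || return 2

    # A bundle without a final newline would fuse "-----END CERTIFICATE-----"
    # with the next BEGIN line and corrupt both entries.
    [ -z "$(tail -c 1 "$bundle")" ] || printf '\n' >> "$bundle"
    cat "$ca" >> "$bundle"
    [ -z "$(tail -c 1 "$bundle")" ] || printf '\n' >> "$bundle"
    return 0
}
```

Because the bundle sits inside the add-on's bin directory, check it again after upgrading the add-on, since an upgrade can replace the bundled cacert.pem.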
- Create an Input for the Tenable Add-On for Splunk.