Configure Tenable Vulnerability Management
To complete the installation process, you must complete the setup for the Tenable Add-on for Splunk.
Required User Role: Administrator
Before you begin:
Generate an API key in Tenable Vulnerability Management to complete the configuration. See the Tenable Vulnerability Management user guide for instructions on how to generate an API key. Do not use this API key for any other third-party or custom-built application or integration. It must be unique for each installed instance of the integration.
Note: Asset and vulnerabilities in Splunk might differ from individual scan results since the Splunk integration synchronizes cumulative vulnerability and asset data from the Tenable API endpoints.
To set up the Tenable Add-on for Splunk:
- Log in to the heavy forwarder where you installed the Tenable Add-on for Splunk.
In the left navigation bar, click Tenable Add-on for Splunk.
Click the Configuration tab.
Click the Add button.
A new window appears:
Enter the necessary information for each field. The following table describes the available options.
Input Parameters Description Account Name (Required) The unique name for each Tenable data input. Tenable Account Type (Required) The type of Tenable account - Tenable Vulnerability Management, Tenable Security Center API Keys, or Tenable Security Center Certificate Address (Required) The hostname or IP address for Tenable Vulnerability Management. Verify SSL Certificate If enabled, Splunk verifies the SSL certificate in Tenable Vulnerability Management. Access Key (Required) Tenable Vulnerability Management API access key. Secret Key (Required) Your Tenable Vulnerability Management API secret key. Proxy Enable
Enables the plugin to collect Tenable Vulnerability Management data via a proxy server. If you select this option, the plug- in prompts you to enter the following:
- Proxy Type - the type of proxy used.
- Proxy Host - the hostname or IP address of the proxy server.
- Proxy Port - the port number of the proxy server.
- Proxy Username - the username for an account that has permissions to access and use the proxy server.
- Proxy Password - the password associated with the username you provided.
- To complete the configuration, click Add.
- Create an Input for the Tenable Add-On for Splunk.