Create an Input

After you complete the configuration for your Tenable Add-On for Splunk, you must create the input.

To create an input:

  1. In the Splunk interface, click the Inputs tab.

  2. Click the Create New Input button.

    A drop-down box appears.

  3. Select the appropriate Tenable application.

    The selected Tenable application input options open in a new window.

  4. Enter the necessary information for each field, described in the chart below.

    Note: If you don't use the default index, you must update the Tenable Macro.

    Tenable.io

    | Input Parameters | Description |
    |---|---|
    | Name | (Required) The unique name for each Tenable data input. |
    | Interval | (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds). The interval amount must be between 3600 and 86400. |
    | Index | (Required) The index in which to store Tenable.io data. |
    | Global Account | (Required) The Tenable account from which data is acquired. |
    | Start Time | The date and time to start collecting data. If you leave this field blank, all historical data is collected. (Enter in this format - YYYY-MM-DD hh:mm:ss.) |
    | Lowest Severity Score | (Required) The lowest level of severity that will be stored. |
    | Historical Fixed Vulnerability | Allows the import of vulnerabilities fixed prior to the current day. |
    | Tags | Limits vulnerabilities pulled to assets that have tags selected. |

    Tenable.sc Vulnerability

    | Input Parameters | Description |
    |---|---|
    | Name | (Required) The unique name for each Tenable data input. |
    | Interval | (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds). The interval amount must be between 300 and 86400. Note: If using a Tenable.sc version previous to 5.7, the minimum interval you can select is 24 hours. If using Tenable.sc 5.7 or later, you can specify a minimum interval of an hour. |
    | Index | (Required) The index in which to store Tenable.sc data. |
    | Global Account | (Required) The Tenable account from which data is acquired. |
    | Start Time | The date and time to start collecting data. If you leave this field blank, all historical data is collected. Note: Uses the YYYY-MM-DD hh:mm:ss format. |
    | Sync Plugin Details | If selected, plugin details are included for the related tags in Tenable assets. |
    | Historical Fixed Vulnerability | Allows the import of vulnerabilities fixed prior to the current day. |
    | Query Name | A name for Tenable.sc vulnerability filter. Note: The interval must be query type - Vulnerability Detail List. |

    Tenable.sc Mobile

    | Input Parameters | Description |
    |---|---|
    | Name | (Required) The unique name for each Tenable data input. |
    | Interval | (Required) The interval parameter specifies when the input restarts to perform the task again (in seconds). |
    | Index | (Required) The index in which to store Tenable.sc data. |
    | Global Account | (Required) The Tenable account from which data is acquired. |
    | Start Time | The date and time to start collecting data. If you leave this field blank, all historical data is collected. Note: Uses the YYYY-MM-DD hh:mm:ss format. |
    | Historical Fixed Vulnerability | Allows the import of vulnerabilities fixed prior to the current day. |
    | Query Name | A name for Tenable.sc vulnerability filter. Note: The interval must be query type - Vulnerability Detail List. |

  5. Click Add to create the input.

After you create the input:

  1. Run the All Time saved search.
  2. Schedule an All Time saved search.

Note: Tenable recommends running the saved search every 24 hours. However, you can adjust the schedule as needed.
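
The parameter rules in the tables above can be checked before the values are entered in the Splunk interface. The following is an added example, not code from the Tenable add-on or its documentation; the input-type labels, dictionary keys and sample values are hypothetical names chosen for illustration.

```python
from datetime import datetime

# Constraints come from the parameter tables on this page. The input-type labels
# and dictionary keys are hypothetical names chosen for this example.
INTERVAL_RANGE = {
    "tenable_io": (3600, 86400),
    "tenable_sc_vulnerability": (300, 86400),
    "tenable_sc_mobile": None,  # the page states no range for this input
}
COMMON = ["name", "interval", "index", "global_account"]
REQUIRED = {
    "tenable_io": COMMON + ["lowest_severity"],
    "tenable_sc_vulnerability": COMMON,
    "tenable_sc_mobile": COMMON,
}
START_FORMAT = "%Y-%m-%d %H:%M:%S"  # YYYY-MM-DD hh:mm:ss


def sc_min_interval(sc_version):
    """Tenable.sc note: 24 hours before version 5.7, one hour from 5.7 on."""
    major, minor = (int(p) for p in sc_version.split(".")[:2])
    return 3600 if (major, minor) >= (5, 7) else 86400


def check_input(kind, params, sc_version=None):
    """Return a list of findings; an empty list means the values fit the rules."""
    findings = [f"missing required field: {f}" for f in REQUIRED[kind] if not params.get(f)]
    interval, bounds = params.get("interval"), INTERVAL_RANGE[kind]
    if isinstance(interval, int) and bounds:
        low, high = bounds
        if kind == "tenable_sc_vulnerability" and sc_version:
            low = max(low, sc_min_interval(sc_version))
        if not low <= interval <= high:
            findings.append(f"interval {interval} outside {low}-{high} seconds")
    start = params.get("start_time", "")
    if start:
        try:
            datetime.strptime(start, START_FORMAT)
        except ValueError:
            findings.append(f"start_time {start!r} is not YYYY-MM-DD hh:mm:ss")
    else:
        findings.append("warning: blank start_time collects all historical data")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real deployment.
    sample = {"name": "sc-vulns", "interval": 3600, "index": "tenable",
              "global_account": "sc-account", "start_time": "2024/01/01"}
    print(check_input("tenable_sc_vulnerability", sample, sc_version="5.6"))
```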