Installation

For Tenable Vulnerability Management:

Required User Role: Administrator

For Tenable Security Center:

Required User Role: Security Manager, Auditor, Security Analyst, or Vulnerability Analyst

Complete the installation and configuration of the Tenable applications for Splunk according to the following workflow.

Before you begin:

  • You must have Splunk downloaded on your system with a Splunk basic login.

Note: See the Splunk Environments section for additional information about the different types of Splunk deployments and their requirements.

Note: If you install the Tenable App for Splunk on the search head, you must also install the Tenable Add-on.

To install Tenable Add-on for Splunk and Tenable App for Splunk for the first time:

To install Tenable Web App Scanning Add-on for Splunk for the first time:

  1. Log in to Splunk.
  2. Go to Apps at the top of the screen.

    A drop-down menu appears.

  3. Click Find More Apps.

  4. On the Browse More Apps page, type Tenable in the search bar.

    Tenable-related options appear.

  5. Click the Install button next to Tenable Add-on for Splunk.

  6. Click the Install button next to Tenable Web App Scanning Add-on for Splunk.

  7. Restart Splunk if a Restart Required prompt displays.

Note: Follow steps 1 to 6 to install the Tenable App for Splunk.

To upgrade Tenable Add-on for Splunk and Tenable App for Splunk:

To upgrade Tenable Web App Scanning Add-on for Splunk:

  1. Log in to Splunk.
  2. Go to Apps at the top of the screen.

    A drop-down menu appears.

  3. Click Manage Apps.

  4. In the search bar, type Tenable.

    Tenable-related options appear.

  5. In the Version column, click the Update to x.y.z version link for Tenable Add-On for Splunk.

  6. In the Version column, click the Update to x.y.z version link for Tenable Web App Scanning Add-On for Splunk.

  7. Restart Splunk if a Restart Required prompt appears.

Note: Follow steps 1 to 6 to upgrade the Tenable App for Splunk.

Note: You can optionally update the default chunk size for the Tenable Vulnerability Management export host vulnerabilities and export host assets sync calls. To update the default setting, open the $SPLUNK_HOME/etc/apps/TA-tenable/default/inputs.conf file, and update the values of vuln_num_assets (number of assets used to chunk the vulnerabilities) and assets_chunk_size (number of assets per exported chunk) in the tenable_io stanza as required. Save the file and restart Splunk.
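To confirm which chunk-size values are in effect after this edit, or after an add-on upgrade, the following added example (not part of Tenable's documentation or add-on code) reads the tenable_io stanza and reports each setting, where it came from, and whether it is a positive integer. It assumes Splunk's standard precedence, in which an app's local/inputs.conf overrides its default/inputs.conf; the function names and sample values are constructed for illustration.

```python
import configparser
import os
import tempfile

STANZA = "tenable_io"                              # stanza named on this page
KEYS = ("vuln_num_assets", "assets_chunk_size")    # settings named on this page


def read_stanza(path):
    """Return the tenable_io stanza of one inputs.conf as a dict ({} if absent)."""
    if not os.path.isfile(path):
        return {}
    parser = configparser.RawConfigParser(strict=False)
    parser.optionxform = str  # keep key case as written
    with open(path, encoding="utf-8") as fh:
        parser.read_file(fh)
    return dict(parser.items(STANZA)) if parser.has_section(STANZA) else {}


def effective_chunk_settings(app_dir):
    """Layer local/ over default/ (assumed precedence) and validate both keys."""
    default = read_stanza(os.path.join(app_dir, "default", "inputs.conf"))
    local = read_stanza(os.path.join(app_dir, "local", "inputs.conf"))
    report = {}
    for key in KEYS:
        source = "local" if key in local else "default" if key in default else None
        raw = {"local": local, "default": default}.get(source, {}).get(key)
        valid = raw is not None and raw.isascii() and raw.isdigit() and int(raw) > 0
        report[key] = {"value": raw, "source": source, "valid": valid}
    return report


def sample_report():
    """Run the check on a constructed app directory (values are not Tenable's defaults)."""
    files = {
        "default": "[tenable_io]\nvuln_num_assets = 500\nassets_chunk_size = 1000\n",
        "local": "[tenable_io]\nassets_chunk_size = 0\n",  # invalid on purpose
    }
    with tempfile.TemporaryDirectory() as root:
        for sub, body in files.items():
            os.makedirs(os.path.join(root, sub))
            with open(os.path.join(root, sub, "inputs.conf"), "w", encoding="utf-8") as fh:
                fh.write(body)
        return effective_chunk_settings(root)


if __name__ == "__main__":
    for key, info in sample_report().items():
        print(key, info)
```

On a real deployment, call effective_chunk_settings() with the path to $SPLUNK_HOME/etc/apps/TA-tenable.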

Note: You may need to update the Tenable Macro, get_tenable_index, for data to begin populating the application dashboards.

Next, configure the Tenable application.