Configure Tenable Nessus Network Monitor

You can connect to Tenable Nessus Network Monitor using a syslog input. Configure a default UDP/TCP data input of Splunk with the following steps.

Source Type Description
tenable:nnm:vuln This contains all vulnerability data.

To configure Tenable NNM with Splunk:

Complete the following steps in Splunk

  1. In the top navigation bar, click Settings > Data Inputs.

    The Data Inputs page appears.

  2. In the Local Inputs section, scroll to TCP or UDP.

  3. Click the + Add New option in the TCP or UDP row.

    The Add Data page appears with the TCP/UDP option selected.

  4. Enter the port configuration information.
  5. At the top of the page, click Next.

    The Input Settings page appears:

  6. For the Source Type option, click New.

    More options appear.

  7. In the Source Type field, enter tenable:nnm:vuln.
  8. In the Source Type Category drop-down, select Tenable.
  9. (Optional) Enter a description in the Source Type Description field.
  10. Scroll down to the Index option.
  11. Click on the Index drop-down menu.
  12. Select an Index.
  13. At the top of the page, click Review.

  14. Review your configuration settings.

    Note: If your configuration needs edits, click Back to update your settings.

  15. At the top of the page, click Done.

Complete the following steps in NNM

  1. Log in to NNM.
  2. Go to > Configuration.

    The Configuration page appears.

  3. In the Setting Type drop-down, click Syslog.

    The Syslog options appear.

  4. Next to Realtime Syslog Server List, click Add.

    The +Add Syslog Item window appears.

  5. In the IP field, enter the IP address of the Splunk server you configured to accept syslog.
  6. In the Port field, enter the port number you have Splunk set to listen to when syslog is on.
  7. For Format Type, select Standard.
  8. For Protocol, select the protocol you have set up to accept the syslog for Splunk.