Tenable Macros

To modify the macro definition:

Tenable Index Macro

1. Go to Settings > Advance search > Search Macros.

2. In the App section, select Tenable App for Splunk.

3. Click the search icon.

   Results appear.

4. Click get_tenable_index.

   The get_tenable_index macro page appears.

5. In the Definition entry field, update the definition to index=INDEX_NAME. The INDEX_NAME should be the same name entered when you created the data input.

6. Click Save.

Tenable Source Types

1. Go to Settings > Advance search > Search Macros.

2. Click get_tenable_sourcetype.

   Note: The default macro definition is sourcetype=(tenable:sc:vuln OR tenable:io:vuln).