Configure Tenable.ad

You can connect to Tenable.ad using a syslog input. You must configure a default UDP/TCP data input of Splunk.

Source Type Description
tenable:ad:alerts This option configures Splunk to accept Tenable.ad alerts.

To configure Tenable.ad:

Complete the following steps in Splunk.

  1. In the top navigation bar, click Settings > Data Inputs.

    The Data Inputs page appears.

  2. In the Local Inputs section, scroll to TCP or UDP.

  3. Click the + Add New option in the TCP or UDP row.

    The Add Data page appears with the TCP/UDP option selected.

  4. Enter the port configuration information.
  5. At the top of the page, click Next.

    The Input Settings page appears.

  6. For the Source Type option, click New.

    Additional options appear.

  7. In the Source Type field, enter .tenable:ad:alerts.
  8. In the Source Type Category drop-down, select Tenable.
  9. (Optional) Enter a description in the Source Type Description field.
  10. Scroll down to the Index option.
  11. Click on the Index drop-down menu.
  12. Select an Index.
  13. At the top of the page, click Review.

  14. Review your configuration settings.

    Note: If your configuration needs edits, click Back to update your settings.

  15. At the top of the page, click Done.

Complete the following steps in Tenable.ad:

  1. In the Tenable.ad console, under Local Settings, go to the Servers > Syslog Servers screen.
  2. Click + Add Syslog Server.

    The Syslog Server configuration window is displayed.

  3. In the Server Name field, enter a name for your Splunk system.

  4. In the Hostname\IP field, enter the IP address of your Splunk system.

  5. In the Port field, enter the port number on the Splunk system to which the events will be sent.
  6. In the Transport field, select from the dropdown list the transport protocol to be used. (Options are TCP or UDP).
  7. Click Send Test Message to send a test message to verify that the configuration was successful, and check if the message has arrived. If the message did not arrive, then troubleshoot to discover the cause of the problem and correct it.
  8. Click Save.