Frequently Asked Questions

1. I am unable to save the account for TASM.

   • Check the Domain and API Key. Make sure each one is valid.

   • If using a proxy, check the proxy configuration.

2. I am unable to save the account for TSC and TOT.

   • Custom Certificate option has been added in v8.0.0, Make sure that SSL Certificate is valid if provided.

3. Input is created successfully but data is not getting collected.

   • Check the data by expanding the time range in Splunk search.

   • If using a proxy, check the proxy configuration.Make sure that you are entering correct search query. For example, if you want to search TASM data the search query will be: index = your_index sourcetype = tenable:asm:assets

   • Check the log messages for errors:

     • For logs related to TASM data collection: You can view the logs in the ta_tenable_tenable_asm.log log file by navigating to $SPLUNK_HOME/var/log/splunk/.

     • For logs related to TWAS Assets & Vulns: You can view the logs in the ta_tenable_tenable_was.log log file by navigating to $SPLUNK_HOME/var/log/splunk/.

     • Error log messages regarding TASM data collection can also be seen from Splunk search in “_internal” index: index = _internal source = *ta_tenable_tenable_asm.log* ERROR

     • Error log messages regarding TWAS Assets & Vulns data collection can also be seen from Splunk search in “_internal” index: index = _internal source = *ta_tenable_tenable_was.log* ERROR

     Note: $SPLUNK_HOME is the path where the Splunk is installed.