Tenable Macros

To modify the macro definition:

Tenable Index Macro

  1. Go to Settings -> Advanced search -> Search Macros.
  2. For App, select Tenable App for Splunk.

  3. Click the search icon.

    Results appear.

  4. Click get_tenable_index.

    The get_tenable_index macro page appears.

  5. In the Definition entry field, update the definition to index=INDEX_NAME. INDEX_NAME must be the same index name you entered when you created the data input.
  6. Click Save.

Tenable Source Types

  1. Go to Settings -> Advanced search -> Search Macros.
  2. Click get_tenable_sourcetype.

    Note: The default macro definition is sourcetype=(tenable:sc:vuln OR tenable:io:vuln).
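
To check that both macros resolve to the index that actually holds the Tenable events, you can run a comparison search like the one below. It is an added example, not part of the Tenable documentation; it assumes the two default source types listed above and uses a 24-hour window chosen only for illustration. A row where via_macros is 0 means Tenable events exist in that index but the macros do not match them, so the get_tenable_index definition points at a different index than the data input.

```spl
index=* (sourcetype="tenable:sc:vuln" OR sourcetype="tenable:io:vuln") earliest=-24h
| stats count AS all_indexes by index, sourcetype
| join type=left index, sourcetype
    [ search `get_tenable_index` `get_tenable_sourcetype` earliest=-24h
      | stats count AS via_macros by index, sourcetype ]
| fillnull value=0 via_macros
| table index, sourcetype, all_indexes, via_macros
```

Run it from the Search page with the Tenable App for Splunk selected as the app so that the macros are in scope.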