Welcome to Tenable for Splunk

Last Updated: June 12, 2025

The Tenable for Splunk integration performs data collection, normalization, and visualization.

Note: The Tenable integration with Splunk also supports Splunk "Cloud" versions.

Changes in Tenable App for Splunk v6.1.0

  • Added "Assets Dashboard" for visualizing asset details of the following products: IO, SC, OT, WAS, and ASM

  • Added support for "WAS" and "OT" products in the "Vulnerability Center" dashboard.

Tenable App for Splunk Compatibility Matrix

  • Browser: Google Chrome, Mozilla Firefox

  • OS: Platform independent

  • Splunk Enterprise version: 9.4.x and 9.3.x

  • Supported Splunk Deployment: Splunk Cloud, Splunk Standalone, and Distributed Deployment

Changes in Tenable Add-On for Splunk v8.0.0

  • Added new input to collect TWAS data.

  • Added new input to collect TASM data.

  • Added support for providing the custom SSL certificate on the Account configuration page.

  • Updated the alert actions by adding an option to select Tenable account that user wants to use.

  • Updated the PyTenable to v1.6.2

Tenable Add-On for Splunk Compatibility Matrix

  • Browser: Google Chrome, Mozilla Firefox

  • OS: Platform independent

  • Splunk Enterprise version: 9.4.x and 9.3.x

  • Supported Splunk Deployment: Splunk Cloud, Splunk Standalone, and Distributed Deployment

Tenable integration topology:

Splunk pulls data from Tenable platforms and normalizes it in Splunk. The current Tenable Web App Scanning Add-on uses the following pyTenable SDK to retrieve all data.

Tenable Attack Surface Management (TASM) is a web-based inventory tool that you can use to identify internet-accessible assets that your organization may or may not know about. TASM identifies assets using DNS records, IP addresses, and ASN, and includes more than 180 columns of metadata to help you organize and inventorize your assets. TASM performs data collection and normalization.