SIEM Analysis Section

Security Information and Event Management (SIEM) analysis allows you to import data from SIEM providers (for example, Splunk) to evaluate events that may warrant re-scanning the affected hosts.

Note: SIEM analysis features are only available for RH/CentOS 7 and RH/CentOS 8. Additionally, discovery mode must be turned off to view SIEM analysis features (see Tenable Nessus Network Monitor Settings Section for more information).

Note: You must deploy Tenable Nessus Network Monitor using the RPM appropriate to your site to activate the SIEM analysis feature.

Note: Tenable recommends that you use only trusted self-signed certificates for Splunk instances that are used with Tenable Nessus Network Monitor.

The SIEM Analysis section of the Monitoring page shows four charts that help you track and understand SIEM-related events occurring in your system:

  • Top 10 Asset Discovery Subnets

  • SIEM Category Distribution

  • Trending by Asset Discovery

  • Trending by Risk Altering Event

Note: The data collection that creates these charts can be configured in the SIEM Processing Options and SIEM Servers settings. See Tenable Nessus Network Monitor Settings Section for more information.

The SIEM Category Distribution and Trending by Risk Altering Event charts show data based on the risk-altering events discovered in your system. There are