Introduction to Splunk
Splunk is a Security Information and Event Management (SIEM) application used by Tenable customers to collect and store events from assets within the organization. Tenable Nessus Network Monitor provides the SIEM Pull Service to enhance the vulnerability management process through event collection and analysis. The SIEM Pull Service looks for risk-altering events in collected data and sends the data to Tenable Vulnerability Management or Tenable Security Center for use in the Risk Based Vulnerability Management (RBVM) program. A risk-altering event is an event that changes an asset's risk posture (for example, starting or stopping a service). When such an event occurs and matches the core query provided with plugins, the SIEM Pull Service sends the data to Tenable Nessus Network Monitor, then to Tenable Vulnerability Management or Tenable Security Center.
The SIEM Pull Service monitors for the following four risk-altering event types: