Splunk KB_VALUE Check

The KB_VALUE check fetches data from the Knowledgebase (KB) and analyzes the output with regular expressions to identify whether the data associated with the provided path matches the expected output. Nessus creates a KB for each target during a scan. Each KB describes the collected information that is shared between plugins.

Usage

<custom_item>
  type : KB_VALUE
  description : [description]
  kb_path : [kb path to check]
  (optional) regex : [regular expression to reduce options]
  expect : [regular expression that passes if found]
  (optional) kb_path_required : [YES|NO]
  (optional) match_all : [YES|NO]
  (optional) match_case : [YES|NO]
</custom_item>

kb_path

The kb_path field is the path to the KB value or values to be evaluated.

regex

(Optional) The regex field is used to filter the full configurations to a smaller set of lines of text based on the regular expression. You can use multiple regex to narrow down the searchable configuration.

expect

(Optional) If the regular expression in the expect field matches a line of text, the check result is PASSED. If there are no matches, the check result is FAILED.

To require that all lines match, or to make the comparison case-sensitive, use the modifiers match_all or match_case, respectively.

kb_path_required

(Optional) You can set the kb_path_required field to specify whether or not the audited kb_path is required to be present. If you do not set this option, the kb_path is required.

match_all

(Optional) Set match_all to YES to require all lines of text to match the expectation, and not just a single line of text. If you set match_all to the default of NO, only one line must match for the check to pass.

match_case

(Optional) Set match_case to YES to make the comparison case-sensitive. Set match_case to the default of NO to make the comparison case-insensitive.

Example

<custom_item>
  type : KB_VALUE
  description : "Check port"
  kb_path : "public/port*"
  regex : "[0-9]+"
  expect : "443"
</custom_item>
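
The field semantics described on this page, modelled in Python as an added example (it is not Tenable's code and not part of the original page). It assumes glob-style kb_path wildcards and unanchored regular-expression search, and uses a constructed KB; it shows that expect "443" also passes for a value of 8443 unless the pattern is anchored.

```python
import fnmatch
import re

# Constructed sample KB for one target (keys and values are made up).
SAMPLE_KB = {
    "public/port/mgmt": "8443",
    "public/port/web": "443",
    "public/name": "splunkd",
}


def kb_value_check(kb, kb_path, expect, regex=None,
                   match_all=False, match_case=False):
    """Return 'PASSED' or 'FAILED' per the field descriptions on this page.

    Assumptions (not stated on the page): kb_path wildcards behave like
    shell globs, regex/expect use unanchored search, and match_case is
    applied to the expect comparison only.
    """
    flags = 0 if match_case else re.IGNORECASE

    # Gather the lines of every KB value whose key matches kb_path.
    lines = []
    for key, value in kb.items():
        if fnmatch.fnmatchcase(key, kb_path):
            lines.extend(str(value).splitlines())

    # Optional regex: narrow the lines before expect is evaluated.
    if regex is not None:
        lines = [ln for ln in lines if re.search(regex, ln)]

    # Nothing to evaluate is modelled as FAILED here (an assumption).
    if not lines:
        return "FAILED"

    hits = [re.search(expect, ln, flags) is not None for ln in lines]
    return "PASSED" if (all(hits) if match_all else any(hits)) else "FAILED"


if __name__ == "__main__":
    # The page's example, then the same check with an anchored expect.
    print(kb_value_check(SAMPLE_KB, "public/port*", "443", regex="[0-9]+"))
    print(kb_value_check(SAMPLE_KB, "public/port*", "^443$",
                         regex="[0-9]+", match_all=True))
```
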