Tenable Network Security PVS App for Splunk
The Tenable Passive Vulnerability Scanner™ (PVS™) monitors network traffic
at the packet layer to determine topology and identify services, security
vulnerabilities, suspicious network relationships, and compliance
violations. The PVS™ app for Splunk provides overview reports and searching
of the realtime event data generated by PVS.
A separate index will be created and used for PVS data. This is for search
time performance, it can also be use to control access to the data.
From the PVS UI, go to “Configuration”.
Select Syslog in the "Setting Type" dropdown.
Enter the IP and UDP Port of the Splunk server in the "Realtime Syslog Server
Note: Must be entered as IP:PORT (e.g 10.1.1.10:514).
The Tenable PVS Splunk App is designed to communicate natively using a UDP
port on the Splunk Indexer with a sourcetype of [syslog]. This can be a shared
input using the sourcetype of [syslog] or if another port is to be used then a
new input can be added with the sourcetype of [pvs]. Refer to props.conf
located in the $SPLUNK_HOME/etc/apps/pvs/default/props.conf which may need to be
altered to reflect the new configurations. More information on configuring the
props.conf file can be found at
Author: Tenable Network Security, Inc.
If you need assistance see the PVS Discussion Forum located at:
PVS is the property of Tenable Network Security, Inc.
Splunk's App Certification program uses a specific set of criteria to evaluate the level of quality, usability and security your app offers to its users. In addition, we evaluate the documentation and support you offer to your app's users.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.