icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Tenable Add-On for Splunk
SHA256 checksum (tenable-add-on-for-splunk_300.tgz) 6e6185d9d9679937a2c06043dd20825937e12c212ab5884f3a0d46d4b012ab5c SHA256 checksum (tenable-add-on-for-splunk_203.tgz) 7b05e971f50a92a51629404a431a69e6ef175f54af28e54b63e4f4bed5eabfc3
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Tenable Add-On for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
The Tenable Add-On for Splunk provides a robust set of Adaptive Response actions and Inputs for operationalizing Tenable.io and Tenable.SC data in Splunk.

Splunk Cloud Support

If a version of our app is not yet supported on Splunk Cloud, you can request it be approved following this process: http://dev.splunk.com/view/app-cert/SP-CAAAE85
Unfortunately we can no longer request this.


Tenable How to guide

Upgrading from V1 to V2/3:

Upgrade Documentation
Backup your current app/configurations outside of the Splunk install path
Delete the app and all app configuration files from all Splunk search heads and heavy forwarders from the command line.
* rm -rf $SPLUNK_HOME/etc/apps/TA-tenable/
Install the V2 app (See How-To Guide)
Configure an account. (See How-To Guide)
Create a new index to store data in. (See How-To Guide) (You can't re-use an existing index as data formats have changed and it will be impossible to ensure numbers between your Tenable platform and Splunk are correct)
Configure an input. (See How-To Guide)
* Ensure that you have use the new index you created above

V2 Changelog:

  • Global:
    • Moved proxy configuration to a per account rather than global for all accounts
    • Added the ability to set a cron schedule for any input or interval seconds
    • Added Nessus Network Monitor (NNM) real-time event support/parsing
    • Moved from pulling vulnerabilities only when the state (open/reopened/fixed) changed to pulling data any time it is updated
  • Tenable.sc
    • Changed event index time for vulnerabilities from firstSeen to lastSeen
    • Added input type for Tenable.sc Mobile data
    • Moved to using Tenable.sc query name for pulling information
    • If Tenable.sc >= 5.7 is detected, you can now specify >= 1-hour interval rather than 1 day with Tenable.sc < 5.7
    • Added field aliases so all Tenable.sc fields can be searched for using the Tenable.io field naming convention.
    • Added a new input for Teneable.sc Mobile vulnerability data
    • Moved from pulling data with the firstSeen variable to lastSeen for open/reopened vulnerabilities
  • Tenable.io
    • Changed event index time for vulnerabilities from first_found to last_found
    • Moved from pulling data with the since variable to last_found for open/reopened and last_fixed for fixed vulnerabilities
    • Added the ability to pull all historically fixed vulnerabilities on first input sync
    • Added the ability to use Tenable.io assets tags to limit what vulnerabilities are synced
    • Added Adaptive Response Actions:
      • Get Vulnerability Summary
      • Request Scan
  • Nessus Network Monitor (NNM)
    • Added the ability to extract realtime syslog messages from NNM

Release Notes

Version 3.0.0
Nov. 15, 2019

Add tenable:io:plugins sourcetype that pulls plugin details directly from Tenable.io API
Moved to pyTenable for all Tenable platform interactions
Improved code documentation
Improved how asset state is set for Tenable.io
All Tenable code is fully Python 3 compatible
v3.1.0 will include Splunk library updates and add support for python 3 and Splunk 8

Version 2.0.3
July 18, 2019

Fixed an issue where duplicate events were being created


Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.