
Source types and alert actions for the Tenable Add-on for Splunk

 

This page provides an overview of the source types and alert actions available within the Tenable Add-on for Splunk. The add-on allows you to ingest vulnerability, asset, plugin, compliance, and audit log data from Tenable.sc, Tenable.io, and Tenable OT Security into the Splunk platform.

By centralizing this data, you can gain comprehensive visibility into your security posture, identify vulnerabilities, and monitor compliance. Additionally, the add-on provides several adaptive response actions that enable you to take immediate action, such as initiating scans or retrieving vulnerability summaries directly from the Splunk platform. This integration streamlines vulnerability management workflows and enhances your ability to respond to threats effectively.

Source types for the Tenable Add-On for Splunk

| Product | Source type | Function |
| --- | --- | --- |
| Tenable OT Security | tenable:ot:vuln | Collects cumulative vulnerability data from active and agent scans from licensed assets. |
| Tenable OT Security | tenable:ot:assets | Collects all assets data. |
| Tenable OT Security | tenable:ot:plugin | Collects all plugin detail data. |
| Tenable Security Center | tenable:sc:vuln | Collects cumulative vulnerability and compliance data from active and agent scans. |
| Tenable Security Center | tenable:sc:assets | Collects all assets data. |
| Tenable Security Center | tenable:sc:plugin | Collects all plugin detail data. |
| Tenable Vulnerability Management | tenable:io:vuln | Collects cumulative vulnerability data from active and agent scans from licensed assets. |
| Tenable Vulnerability Management | tenable:io:assets | Collects all assets data. |
| Tenable Vulnerability Management | tenable:io:plugin | Collects all plugin detail data. |
| Tenable Vulnerability Management: Audit logs | tenable:io:audit_logs | Collects all audit logs. |
| Tenable Vulnerability Management: Compliance module | tenable:io:compliance | Collects all compliance data. |

For more information on source types, see the Tenable Documentation.

Alert actions for the Tenable Add-On for Splunk

| Type | Name | Description |
| --- | --- | --- |
| Adaptive Response Action (Splunk Enterprise Security) | Scan Machine for Tenable SC | Start a scan for a machine on Tenable SC server |
| Adaptive Response Action (Splunk Enterprise Security) | Get Vulnerability Summary from Tenable IO | Get current vulnerability from Tenable IO |
| Adaptive Response Action (Splunk Enterprise Security) | Request Scan for Tenable IO | Request a scan for Tenable IO Asset |
| Adaptive Response Action (Splunk Enterprise Security) | Launch Remediation Scan for Tenable SC | Launch a remediation scan on Tenable SC server |
| Adaptive Response Action (Splunk Enterprise Security) | Get Vulnerability summary from Tenable SC | Get current vulnerability from Tenable SC |