Splunk Lantern

Identifying web application vulnerabilities with Tenable WAS

 

Tenable Web App Scanning (WAS) is a dynamic application security testing (DAST) solution that helps organizations identify and address vulnerabilities in their web applications and APIs. The tool can scan cloud and on-premises web applications, identifying OWASP Top 10 vulnerabilities and vulnerable third-party libraries.

You can use this data for threat intelligence purposes to make informed, data-driven decisions that enhance protection and reduce risk. By centralizing and retaining relevant vulnerability information, your team can receive timely alerts for critical issues and automate reporting processes, ensuring efficient monitoring and faster response to emerging threats.

Data required

Solution

Identifying WAS assets with the most severe vulnerabilities allows your team to track compliance, report status, and prioritize remediation of the affected assets.

Run the following search. You can optimize it by adjusting the time range:

index="tenable_WAS" sourcetype="tenable:asm:assets"
| join assetId [search index="tenable_WAS" sourcetype="tenable:was:vuln"
| eval assetId=id]
| table assetId, name, description, details.cves{}, severity
| eval severityRank=case(severity=="critical", 1, severity=="high", 2, severity=="medium", 3, severity=="low", 4, 1=1, 5)
| sort severityRank

Search explanation

Splunk search: sourcetype=tenable:asm:assets
Explanation: Search first by asset.

Splunk search: join assetId [search index="tenable_WAS" sourcetype="tenable:was:vuln" | eval assetId=id]
Explanation: Join assets with the associated vulnerability findings.

Splunk search: | table assetId, name, description, details.cves{}, severity
Explanation: Create a table to view key fields in the results.

Splunk search: | eval severityRank=case(severity=="critical", 1, severity=="high", 2, severity=="medium", 3, severity=="low", 4, 1=1, 5)
Explanation: Map the severity string to a number so it can be sorted.

Splunk search: | sort severityRank
Explanation: Sort by the level of severity from critical to low.
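
An added variant of the search above, not part of the original article: by default join keeps only the first matching finding for each asset (max=1) and its subsearch is capped by subsearch limits, so this version uses stats to count every finding per asset and rank assets by their worst severity. It assumes, as the original search does, that the id field of a tenable:was:vuln event holds the assetId of the asset it belongs to; isFinding, assetEvents, findings, critical, high, medium, low, worstRank and cves are names introduced here.

```spl
index="tenable_WAS" (sourcetype="tenable:asm:assets" OR sourcetype="tenable:was:vuln")
| eval isFinding=if(sourcetype=="tenable:was:vuln", 1, 0)
| eval assetId=if(isFinding==1, id, assetId)
| eval severityRank=case(isFinding==0, null(), severity=="critical", 1, severity=="high", 2, severity=="medium", 3, severity=="low", 4, 1=1, 5)
| stats count(eval(isFinding==0)) AS assetEvents,
        sum(isFinding) AS findings,
        count(eval(severityRank==1)) AS critical,
        count(eval(severityRank==2)) AS high,
        count(eval(severityRank==3)) AS medium,
        count(eval(severityRank==4)) AS low,
        min(severityRank) AS worstRank,
        values(details.cves{}) AS cves
        BY assetId
| where assetEvents > 0 AND findings > 0
| sort 0 worstRank, -critical, -high, -medium, -low
```

The where clause keeps the inner-join behavior of the original search (only assets that have both an asset record and at least one finding). Counts are per indexed event, so a time range that spans several scans counts a repeated finding once per scan.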

Next steps

These resources might help you understand and implement this guidance: