
Tenable Blog


PVS App for Splunk

Note: Passive Vulnerability Scanner (PVS) is now Nessus Network Monitor. To learn more about this application and its latest capabilities, visit the Nessus Network Monitor web page.

Thanks to Jason Toy for contributing to this post

Splunk Enterprise analyzes everything from customer clickstreams and transactions to network activity and call records, turning your machine data into valuable insights. The Tenable™ PVS app for Splunk increases the security threat intelligence of Splunk by sending it critical security-relevant information.

Why PVS

Adding PVS data to Splunk brings PVS, the only patented passive vulnerability scanner with deep packet inspection, to Splunk's platform. This streamlines tracking users, applications, cloud infrastructure, trust relationships, and vulnerabilities on all assets active on the network. PVS scans all networks safely, including SCADA and ICS, and it itemizes applications and vulnerabilities on mobile devices. PVS does all of this continuously, automatically, and in real time.

The Tenable PVS app for Splunk finds the security-relevant information from tens of terabytes of traffic per day and feeds it to Splunk for comprehensive analysis.

From the time of installation, PVS performs automatic discovery of all devices, infrastructure, users, and vulnerabilities across more technologies than any other vendor. This includes OS, network devices, virtual systems, cloud-based systems, hypervisors, databases, tablets, phones, web servers, and critical infrastructure.

Experiencing the Benefits

Enhancing Splunk with PVS dramatically improves network and asset awareness. Installing the PVS app in Splunk creates a new eventtype called “pvs”; real-time events of this type are recognized and parsed. The search fields included are source IP (src), source port (src_port), destination IP (dest), destination port (dest_port), protocol (protocol), plugin ID (PVS_pluginid), event name (PVS_eventname), and plugin-specific data (PVS_data). Splunk searches can be applied to any of these fields.
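As an added example (not taken from the Tenable app or its documentation), the search below uses only the eventtype and field names listed above to summarize the last 24 hours of PVS events per source IP and keep the hosts with unusually wide fan-out. The output names (events, distinct_dests, distinct_ports, event_names) and the thresholds of 50 destinations and 20 ports are assumptions to tune for your own network.

```spl
eventtype=pvs earliest=-24h
| stats count AS events
        dc(dest) AS distinct_dests
        dc(dest_port) AS distinct_ports
        values(PVS_eventname) AS event_names
        BY src
| where distinct_dests > 50 OR distinct_ports > 20
| sort - distinct_dests
```

Replacing `BY src` with `BY PVS_pluginid, PVS_eventname` and dropping the `where` clause gives a simple breakdown of which plugins are generating the most events.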

In the PVS app for Splunk, PVS events can be charted, as shown in the screenshot below:

 

 

 

 

With Google Maps for Splunk installed, you can quickly generate geographical information from the PVS real-time events. The image shows destination IPs over the past 24 hours.

 

 

 

 

How to Use

Splunk 6.x and PVS 4.0.x must be installed to use the PVS app for Splunk.

The free evaluation of PVS lets you try PVS with this Splunk app for 30 days before purchasing.

Here’s how easy it is to get started with the PVS app after both Splunk and PVS are installed:

  1. Log into PVS, navigate to PVS Settings/Configuration, and configure PVS to send real-time syslog information to Splunk
  2. Download the Tenable Network Security PVS App for Splunk by visiting: http://apps.splunk.com/app/1844/
  3. Log into Splunk and select ‘Manage Apps’ from the App menu
  4. Click the ‘Install app’ button
  5. Click the ‘upload file’ button and browse to locate the downloaded tenable-network-security-pvs-app-for-splunk_102.tgz file. Click ‘Open’ and ‘Upload’
  6. Click ‘Restart Splunk’ and confirm the restart
  7. After Splunk has restarted, log in to Splunk. The PVS application will be ready to use.
