Summary
This guide provides detailed instructions for integrating Tenable with Splunk, focusing on data collection, normalization, and visualization processes. It outlines the changes made in the Tenable App for Splunk version 6.1.0 and the Tenable Add-On for Splunk version 8.0.0, including compatibility matrices for various Splunk environments. The document describes the installation and configuration steps for the Tenable Add-On, detailing the required user roles and permissions necessary for successful integration. Additionally, it explains the components involved in the integration, such as the Heavy Forwarder and Search Head, and their respective functions. The guide also includes information on the Tenable Attack Surface Management tool, which helps identify and manage internet-accessible assets. Furthermore, it covers the mapping of Tenable vulnerability findings to the Splunk Common Information Model, ensuring that users can effectively utilize the data within Splunk's framework. Best practices and frequently asked questions are also addressed to assist users in optimizing their integration experience.
