Tenable.sc integration with Elastic

Hi guys,

I am trying Tenable.sc integration with Elasticsearch.

I added the integration, configured the URL to be https://private_ip_address_of_sc, and also included the access key and secret key.

I also installed elastic-agent on the tenable.sc machine. However, I can only see the metrics of the agent. There is no data stream of tenable.sc coming into my Elastic and Kibana.

The integration dashboards "[Logs Tenable SC] Plugins" and others were showing "Field tenable_sc.plugin.id was not found".

Some error from fleet server was:
Error while processing http request: failed to execute rf.collectResponse: failed to execute http client.Do: failed to execute http client.Do: failed to read http.response.body: Post "https://x.x.x.x/rest/analysis": Post "https://x.x.x.x/rest/analysis": x509: certificate signed by unknown authority

Hello, @Wenwei,

Based on the x509: certificate signed by unknown authority message in the HTTP request error, the integration may be failing because the SSL/TLS certificate of your Tenable.sc instance is untrusted by Elastic Agent.

Under the advanced options for the Tenable.sc integration settings, you can expand Advanced Options to display the SSL Configuration section. Here you can configure additional SSL options, such as providing the certificate if your Tenable.sc instance is using a self-signed cert.

More details of the SSL configuration are located in the Elastic docs: Configure SSL | Filebeat Reference [8.6] | Elastic
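
An added example, not part of the original reply or of Elastic's documentation: what the SSL Configuration field could contain to trust a self-signed or internally signed Tenable.sc certificate, next to the weaker setting that only hides the error. The keys are Filebeat `ssl` options; that the field takes them without an enclosing `ssl:` key is an assumption to check against the field's own placeholder text, and the PEM body is a placeholder.

```yaml
# Constructed example for the Tenable.sc integration's "SSL Configuration" field.
# Assumption: the field takes the keys of Filebeat's ssl section directly.

# Preferred: trust the CA (or the self-signed certificate itself) that
# Tenable.sc presents, and keep certificate validation switched on.
certificate_authorities:
  - |
    -----BEGIN CERTIFICATE-----
    <PLACEHOLDER: PEM of the CA or self-signed certificate used by Tenable.sc>
    -----END CERTIFICATE-----

# "full" (the default) checks the chain AND that the name in the URL matches
# the certificate. The URL above is an IP address, so the certificate needs
# that IP in its subjectAltName, otherwise the x509 error changes to a
# name-mismatch error instead of going away.
verification_mode: full

# Fallback if the certificate cannot be reissued with the right name:
# still checks the chain against certificate_authorities, skips the name check.
# verification_mode: certificate

# Weak setting, shown for contrast only: the x509 error disappears because
# validation is off, so the access key and secret key are sent to whatever
# host answers on that address.
# verification_mode: none
```

Once the agent trusts the certificate, the `rest/analysis` requests should succeed and the `tenable_sc.*` fields the dashboards look for will start to appear.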
