I have created a custom parsing rule to handle SYSLOG events sent by Tenable PVS sensors.
This is a very basic parsing rule, as only the first CEF fields are mapped to the SIEM fields - but it should be enough to catch the interesting stuff (see PVS Syslog format | Tenable Discussions Forum for details).
As this is not a supported data source, you first need to configure it as:
Then, create custom types (you could use some default one instead, but then you'll need to change the mapping accordingly):
Then import and apply the attached parsing rule to the data source (I removed the aggregation to prevent information loss on my side).
I also attached a sample dashboard with the main Plugin Names.
Have a great day!
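For readers who want to see what "mapping the first CEF fields" involves in practice, here is an added example (not part of the original post or of the attached parsing rule) that parses a syslog line carrying a CEF payload of the kind PVS emits. The sample line, the plugin id and name, and the extension keys are all constructed for illustration and are assumptions, not real PVS output; the parser itself only relies on the documented CEF escaping rules (`\|` in the header, `\=` in extension values, `\\` for a literal backslash).

```python
"""Added example: parse a syslog line with a CEF payload into header fields
and extension key/value pairs, as a SIEM parsing rule would.
Not the original poster's rule; the sample event below is constructed."""
import re
from typing import Dict, List

# Constructed sample event (assumed layout, not captured from a real sensor).
# The header deliberately contains an escaped pipe and the extension an
# escaped '=' so the edge cases of the CEF escaping rules are exercised.
SAMPLE_LINE = (
    "<134>Jan 10 12:34:56 pvs-sensor CEF:0|Tenable|PVS|5.0.0|1234|"
    "Example plugin name\\|with pipe|3|src=10.0.0.5 dst=10.0.0.9 dpt=443 "
    "msg=Equals sign here\\=ok proto=tcp"
)

# CEF header: CEF:Version|Vendor|Product|Device Version|Signature ID|Name|Severity|Extension
_HEADER_FIELDS = ["version", "vendor", "product", "device_version",
                  "signature_id", "name", "severity"]

# An extension key is a word immediately followed by an unescaped '='.
# An escaped '\=' never matches because the backslash sits between the
# word and the '=' character.
_KEY_RE = re.compile(r"(?:^|\s)(\w+)=")

# Backslash escapes allowed in extension values; anything else is kept literally.
_ESCAPES = {"n": "\n", "r": "\r"}


def _split_unescaped(text: str, sep: str, limit: int) -> List[str]:
    """Split on `sep` up to `limit` times, honouring backslash escapes.
    The remainder after the last separator is returned raw so the
    extension can be unescaped on its own terms."""
    parts: List[str] = []
    buf: List[str] = []
    i = 0
    while i < len(text):
        if len(parts) == limit:
            parts.append(text[i:])  # raw extension string
            return parts
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i + 1])  # escaped char, taken literally
            i += 2
            continue
        if ch == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def _unescape_ext(value: str) -> str:
    """Resolve '\\=', '\\\\', '\\n', '\\r' inside an extension value."""
    return re.sub(r"\\(.)", lambda m: _ESCAPES.get(m.group(1), m.group(1)), value)


def _parse_extension(ext: str) -> Dict[str, str]:
    """Split 'k1=v1 k2=v2 ...' where values may contain spaces.
    Each value runs from its key up to the next unescaped 'key=' token."""
    matches = list(_KEY_RE.finditer(ext))
    result: Dict[str, str] = {}
    for idx, m in enumerate(matches):
        start = m.end()
        end = matches[idx + 1].start() if idx + 1 < len(matches) else len(ext)
        result[m.group(1)] = _unescape_ext(ext[start:end])
    return result


def parse_syslog_cef(line: str) -> Dict[str, object]:
    """Return the syslog prefix, the seven CEF header fields and the
    extension dictionary; raise ValueError on a malformed payload."""
    idx = line.find("CEF:")
    if idx < 0:
        raise ValueError("no CEF payload in line")
    payload = line[idx + len("CEF:"):]
    fields = _split_unescaped(payload, "|", 7)
    if len(fields) != 8:
        raise ValueError("malformed CEF header: expected 7 separators")
    record: Dict[str, object] = dict(zip(_HEADER_FIELDS, fields[:7]))
    if str(record["severity"]).isdigit():
        record["severity"] = int(record["severity"])  # CEF severity is 0..10
    record["extension"] = _parse_extension(fields[7])
    record["syslog_prefix"] = line[:idx].rstrip()
    return record


if __name__ == "__main__":
    for key, val in parse_syslog_cef(SAMPLE_LINE).items():
        print(f"{key}: {val}")
```

The key regex is the part worth understanding: CEF allows spaces inside values, so the only reliable boundary is the next `word=` token, which is why the specification requires producers to escape a literal `=` in values. A rule that splits on spaces instead would silently truncate the `msg` field above.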
Thank you for sharing these details. To help add support for the product, please log a ticket with sample logs and any field mapping details that you can share. This will help our rules team to come up with the appropriate rules to get the data parsed. The greater the number and variety of sample events, the better the accuracy of the parsed events.
Due to the nature of these logs, it would take too much time to anonymize them correctly before I can send you a snapshot. If you want to start supporting the PVS product, I suggest getting in touch with Tenable directly so they can provide you fully documented materials.
Have a great day,