Create a Plugin Rule
Normally, to create a plugin rule for a user account, you must be logged in to Tenable.io using that account. However, administrators can impersonate a user account in order to create plugin rules for other users.
Use plugin rules to change the severity levels of results from plugins, or to hide results from plugins. A rule can apply to all hosts or to a specific host. If the rule is intended to be a temporary measure, you can also provide an expiration date, after which the rule no longer applies to scans.
Your organization may want to define a set of rules that govern how results from certain plugins are reported in the scans you perform as part of your role, so that results better account for your organization’s security posture and response plan.
The following procedure can be performed by a standard user or administrator.
- In the upper-right corner of the top navigation bar, click your name, and then click My Profile.
  The My Profile page appears.
- On the center pane, click the Plugin Rules tab.
- In the upper-right corner, click the New Rule button.
  The New Rule window appears.
- Optionally, in the Host box, type the hostname or IP address of the host that you want the plugin rule to apply to. If no host is entered, the plugin rule will apply to all hosts.
- In the Plugin ID box, type the ID of a plugin.
- Optionally, in the Expiration Date box, type a date. If no date is entered, the plugin rule will never expire.
- In the Severity box, select the severity that you want to apply to results from this plugin, or select Hide this result.
- Click the Add button.
Example Plugin Rule
Consider the following values for a new plugin rule:
- Host: 192.168.0.6
- Plugin ID: 79877
- Expiration Date: 12/31/2017
- Severity: Low
Normally, results for the CentOS 7 : rpm (CESA-2014:1976) plugin (79877) are set to critical severity. This plugin rule will cause all results from the plugin to be set to low severity specifically for the host at 192.168.0.6. The results for other hosts will remain set to critical severity. After 12/31/2017, the plugin rule expires, and the results return to normal.
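The rule behavior described above (host scope, expiration, severity override or hide) can be modeled in a few lines of Python. This is an added example, not Tenable code: the `PluginRule` class, the `effective_severity` function, exact-string host matching, and the precedence of a host-specific rule over an all-hosts rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

HIDE = "hide"  # stands in for the "Hide this result" choice (hypothetical constant)


@dataclass
class PluginRule:  # hypothetical model of one plugin rule
    plugin_id: int
    severity: str                   # "critical", "high", "medium", "low", "info" or HIDE
    host: Optional[str] = None      # None: the rule applies to all hosts
    expires: Optional[date] = None  # None: the rule never expires

    def matches(self, host: str, plugin_id: int, scan_date: date) -> bool:
        if self.plugin_id != plugin_id:
            return False
        # Simplification: hosts are compared as exact strings.
        if self.host is not None and self.host != host:
            return False
        # The rule stops applying after its expiration date (still active on that day).
        return self.expires is None or scan_date <= self.expires


def effective_severity(host, plugin_id, default, rules, scan_date):
    """Return the severity reported for one result, or None if a rule hides it.

    Assumption: when several rules match, a host-specific rule wins over an
    all-hosts rule. The page does not state a precedence order.
    """
    matching = [r for r in rules if r.matches(host, plugin_id, scan_date)]
    if not matching:
        return default
    rule = max(matching, key=lambda r: r.host is not None)
    return None if rule.severity == HIDE else rule.severity


# The example rule from this page: plugin 79877 set to low on 192.168.0.6 until 12/31/2017.
RULES = [PluginRule(79877, "low", host="192.168.0.6", expires=date(2017, 12, 31))]

if __name__ == "__main__":
    for day in (date(2017, 12, 31), date(2018, 1, 1)):
        for host in ("192.168.0.6", "192.168.0.7"):
            print(day, host, effective_severity(host, 79877, "critical", RULES, day))
```

Evaluating a rule set this way before an audit shows which results are currently downgraded or hidden, and which return to their default severity once a rule expires.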