Tenable Security Center Compliance Elements
-
The compliance attributes are added to the plugin output as embedded XML elements.
-
Using a grep command against a .nessus file, you can discover all the attributes in a scan result.
-
cat host_audit_scan.nessus| grep "<cm:com" | sort | uniq | cut -d">" -f1|uniq
-
-
Listed below are some of the common elements:
-
<cm:compliance-actual-value>some text here</cm:compliance-actual-value>
-
<cm:compliance-audit-file>some text here</cm:compliance-audit-file>
-
<cm:compliance-benchmark-name>some text here</cm:compliance-benchmark-name>
-
<cm:compliance-benchmark-profile>some text here</cm:compliance-benchmark-profile>
-
<cm:compliance-benchmark-version>some text here</cm:compliance-benchmark-version>
-
<cm:compliance-check-id>some text here</cm:compliance-check-id>
-
<cm:compliance-check-name>some text here</cm:compliance-check-name>
-
<cm:compliance-control-id>some text here</cm:compliance-control-id>
-
<cm:compliance-error>some text here</cm:compliance-error>
-
<cm:compliance-full-id>some text here</cm:compliance-full-id>
-
<cm:compliance-functional-id>some text here</cm:compliance-functional-id>
-
<cm:compliance-info>some text here</cm:compliance-info>
-
<cm:compliance-informational-id>some text here</cm:compliance-informational-id>
-
<cm:compliance-policy-value>some text here</cm:compliance-policy-value>
-
<cm:compliance-reference>some text here</cm:compliance-reference>
-
<cm:compliance-result>some text here</cm:compliance-result>
-
<cm:compliance-see-also>some text here</cm:compliance-see-also>
-
<cm:compliance-solution>some text here</cm:compliance-solution>
-
<cm:compliance-source>some text here</cm:compliance-source>
-
-
Using a regex pattern, you can search solutions with a keyword
-
Solution requires a firewall setting
-
regex: compliance-solution.*[fF]irewall.*compliance-solution
-
-
Solution requires a firewall setting and the firewall is not configured
-
regex: compliance-actual-value.*NULL.*cm:compliance-actual-value.*compliance-solution.*Firewall.*compliance-solution
-
-
-
Note in both examples the regex searches for the open and close tag elements. This approach is best used to ensure there is a less likelihood of an incorrect match.
-
The pluginText field is a single-line string when compared to the regex pattern. Shown in the image below is a sample pattern from the Security Center pluginText field.
-
Note that the End of Line characters are stored as a “\n”, as shown here:
-
\n<cm:compliance-source>custom<\/cm:compliance-source>\n
-