Tenable Security Center Compliance Elements

  • The compliance attributes are added to the plugin output as embedded XML elements.

  • Using a grep command against a .nessus file, you can discover all the attributes in a scan result.

    • cat host_audit_scan.nessus | grep "<cm:com" | sort | uniq | cut -d">" -f1 | uniq

  • Listed below are some of the common elements:

    • <cm:compliance-actual-value>some text here</cm:compliance-actual-value>

    • <cm:compliance-audit-file>some text here</cm:compliance-audit-file>

    • <cm:compliance-benchmark-name>some text here</cm:compliance-benchmark-name>

    • <cm:compliance-benchmark-profile>some text here</cm:compliance-benchmark-profile>

    • <cm:compliance-benchmark-version>some text here</cm:compliance-benchmark-version>

    • <cm:compliance-check-id>some text here</cm:compliance-check-id>

    • <cm:compliance-check-name>some text here</cm:compliance-check-name>

    • <cm:compliance-control-id>some text here</cm:compliance-control-id>

    • <cm:compliance-error>some text here</cm:compliance-error>

    • <cm:compliance-full-id>some text here</cm:compliance-full-id>

    • <cm:compliance-functional-id>some text here</cm:compliance-functional-id>

    • <cm:compliance-info>some text here</cm:compliance-info>

    • <cm:compliance-informational-id>some text here</cm:compliance-informational-id>

    • <cm:compliance-policy-value>some text here</cm:compliance-policy-value>

    • <cm:compliance-reference>some text here</cm:compliance-reference>

    • <cm:compliance-result>some text here</cm:compliance-result>

    • <cm:compliance-see-also>some text here</cm:compliance-see-also>

    • <cm:compliance-solution>some text here</cm:compliance-solution>

    • <cm:compliance-source>some text here</cm:compliance-source>

  • Using a regex pattern, you can search the solutions for a keyword:

    • Solution requires a firewall setting

      • regex: compliance-solution.*[fF]irewall.*compliance-solution

    • Solution requires a firewall setting and the firewall is not configured

      • regex: compliance-actual-value.*NULL.*cm:compliance-actual-value.*compliance-solution.*Firewall.*compliance-solution

  • Note that in both examples the regex matches both the opening and the closing tag of the element. Bounding the keyword between the two tags reduces the likelihood of an incorrect match.

  • The pluginText field is treated as a single-line string when it is compared to the regex pattern. A sample pattern from the Security Center pluginText field is shown in the image below.

  • Note that the end-of-line characters are stored as “\n”, as shown here:

    • \n<cm:compliance-source>custom<\/cm:compliance-source>\n
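
The following is an added example, not Tenable code: it runs the two regex patterns from this page over constructed findings to show what the tag-bounded form filters out and why the second pattern needs the single-line pluginText form. The sample findings, their element order, and the helper names (finding, to_plugintext, hits) are assumptions made for the illustration.

```python
import re

# The two patterns from this page, unchanged.
SOLUTION_FW = r"compliance-solution.*[fF]irewall.*compliance-solution"
SOLUTION_FW_NULL = (r"compliance-actual-value.*NULL.*cm:compliance-actual-value"
                    r".*compliance-solution.*Firewall.*compliance-solution")

def finding(actual, info, solution):
    """Constructed sample: cm: elements one per line, as in a .nessus file."""
    return "\n".join([
        f"<cm:compliance-actual-value>{actual}</cm:compliance-actual-value>",
        f"<cm:compliance-info>{info}</cm:compliance-info>",
        f"<cm:compliance-solution>{solution}</cm:compliance-solution>",
    ])

def to_plugintext(xml):
    """Assumed storage form, modelled on the page's sample: a single line with
    newlines kept as the two characters backslash-n and closing slashes escaped."""
    return xml.replace("</", "<\\/").replace("\n", "\\n")

def hits(pattern, texts):
    """Names of the samples in which the pattern matches ('.' stops at a real newline)."""
    return sorted(name for name, text in texts.items() if re.search(pattern, text))

# Constructed findings (element order is an assumption).
RAW = {
    "fw_unset": finding("NULL", "Checks the domain profile.", "Enable Windows Firewall."),
    "fw_set": finding("1", "Checks the domain profile.", "Enable Windows Firewall."),
    "pw_only": finding("NULL", "Firewall hosts are in scope.", "Set minimum password length."),
}
PLUGINTEXT = {name: to_plugintext(xml) for name, xml in RAW.items()}

if __name__ == "__main__":
    # A bare keyword also hits pw_only, where the word is only in compliance-info.
    print("bare keyword           :", hits(r"[fF]irewall", PLUGINTEXT))
    # Bounding the keyword by the solution tags drops that false match.
    print("solution, pluginText   :", hits(SOLUTION_FW, PLUGINTEXT))
    # The two-element pattern spans several elements, so it needs the one-line form.
    print("solution+NULL, one line:", hits(SOLUTION_FW_NULL, PLUGINTEXT))
    print("solution+NULL, per line:", hits(SOLUTION_FW_NULL, RAW))
```

The last line of output is empty because a line-oriented match, such as grep against the .nessus file, never sees the actual-value and solution elements on the same line.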