Plugin Rules
Required user role when using Tenable Nessus Manager: Standard, Administrator, or System Administrator
Plugin rules allow you to customize how vulnerability data appears in your scan results by altering the severity of a plugin or hiding it entirely. They serve as a risk-acceptance tool, helping you tailor your dashboard and reporting views to match your organization's specific security posture and risk tolerance.
When you create a plugin rule, you instruct Tenable Nessus to visually alter the output of specific plugins after a scan completes. Rules act strictly as post-scan reporting filters.
Customizing plugin severity or hiding irrelevant findings helps security teams focus on actionable data. By adjusting the presentation of scan results, you can reduce alert fatigue and streamline your remediation workflows without altering the vulnerability detection capabilities of the scanner.
For more information on managing plugin rules, see Manage Plugin Rules.
Considerations
Before configuring plugin rules, consider the following:
- Scan duration and performance — Because the targeted plugins still actively execute during a scan, network traffic and overall scan duration remain completely unaffected by plugin rules.
- Data exports — Raw .nessus file exports bypass plugin rules entirely. Exported .nessus files retain the original, unmodified vulnerability data and severity levels.
Example Plugin Rule
Host: 192.168.0.6
Plugin ID: 79877
Expiration Date: 12/31/2022
Severity: Low
This example rule applies to scans performed on IP address 192.168.0.6. Once saved, this plugin rule changes the default severity of plugin ID 79877 (CentOS 8: rpm (CESA-2014:1976)) to a severity of Low until 12/31/2022. After 12/31/2022, the results of plugin ID 79877 return to their Critical severity.
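Because raw .nessus exports keep the original severities, a team that wants rule-aware data outside the Nessus interface has to apply the same host, plugin ID, expiration and severity logic itself. The following Python is an added example, not Tenable's code: it re-applies the example rule above (host 192.168.0.6, plugin 79877, Low until 12/31/2022) to a constructed .nessus fragment. The first-match-wins ordering and the HIDE sentinel are assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple
import xml.etree.ElementTree as ET

SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}
HIDE = -1  # assumed sentinel for a rule that hides the plugin entirely

@dataclass(frozen=True)
class PluginRule:
    """Override a plugin's severity, optionally for one host and only until an expiry date."""
    plugin_id: str
    severity: int                   # 0..4, or HIDE to drop the finding from the view
    host: Optional[str] = None      # None matches every host
    expires: Optional[date] = None  # last day the rule applies (inclusive); None = never expires

    def applies(self, host: str, plugin_id: str, today: date) -> bool:
        in_date = self.expires is None or today <= self.expires
        return in_date and plugin_id == self.plugin_id and self.host in (None, host)

def apply_rules(nessus_xml: str, rules: List[PluginRule], today: str) -> List[Tuple[str, str, str]]:
    """Return (host, pluginID, severity name) as a rule-aware view would show them; the export is read-only."""
    day = date.fromisoformat(today)
    shown = []
    for report_host in ET.fromstring(nessus_xml).iter("ReportHost"):
        host = report_host.get("name")
        for item in report_host.findall("ReportItem"):
            pid, sev = item.get("pluginID"), int(item.get("severity"))
            for rule in rules:
                if rule.applies(host, pid, day):
                    sev = rule.severity
                    break  # first matching rule wins (assumption)
            if sev != HIDE:
                shown.append((host, pid, SEVERITY_NAMES[sev]))
    return shown

# Constructed .nessus fragment: plugin 79877 is Critical (4) on both hosts in the raw export.
SAMPLE_NESSUS = """<NessusClientData_v2><Report name="demo"><ReportHost name="192.168.0.6">
<ReportItem pluginID="79877" severity="4" pluginName="CentOS 8: rpm (CESA-2014:1976)"/>
<ReportItem pluginID="10287" severity="0" pluginName="Traceroute Information"/>
</ReportHost><ReportHost name="192.168.0.7">
<ReportItem pluginID="79877" severity="4" pluginName="CentOS 8: rpm (CESA-2014:1976)"/>
</ReportHost></Report></NessusClientData_v2>"""

# The page's example rule, plus a constructed hide rule for an informational plugin.
RULES = [
    PluginRule("79877", severity=1, host="192.168.0.6", expires=date(2022, 12, 31)),
    PluginRule("10287", severity=HIDE),
]
```

Run `apply_rules(SAMPLE_NESSUS, RULES, "2022-06-01")` and then with "2023-01-01" to see the Low override lapse after the expiration date while the other host stays Critical throughout.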