Plugin Rules
Plugin rules allow you to re-prioritize the severity of plugin results to better account for your organization’s security posture and response plan.
The Plugin Rules page allows you to hide or change the severity of any given plugin. In addition, you can limit rules to a specific host or specific timeframe. From this page you can view, create, edit, and delete your rules.
You can configure the following options for a plugin rule:
| Option | Description |
|---|---|
| Host |
The host that the plugin rule applies to. You can enter a single IP address or DNS address, or you can leave the box blank to apply the rule to all hosts. The Host option must follow the same formatting as the Designate hosts by their DNS name setting. In other words, if you disabled the setting, enter an IP address for Host. If you have the setting enabled, enter a DNS address for Host. Note: If the plugin is enabled in two different scan configurations that have conflicting Designate hosts by their DNS name settings, Tenable recommends creating two separate plugin rules for the plugin: one rule for the IP address, and one rule for the DNS address.
|
| Plugin ID | The plugin that the plugin rule applies to. |
| Expiration Date | (Optional) The date on which the plugin rule ages out. |
| Severity | The severity that Nessus assigns the plugin while the plugin rule is active. |
Example Plugin Rule
Host: 192.168.0.6
Plugin ID: 79877
Expiration Date: 12/31/2022
Severity: Low
This example rule applies to scans performed on IP address 192.168.0.6. Once saved, this plugin rule changes the default severity of plugin ID 79877 (CentOS 7: rpm (CESA-2014:1976) to a severity of low until 12/31/2022. After 12/31/2022, the results of plugin ID 79877 returns to its critical severity.