Configure an Audit Trail

Required user role when using Tenable Nessus Manager: Standard, Administrator, or System Administrator

In Tenable Nessus, an audit trail is a debugging and troubleshooting tool that provides detailed information about plugin execution during a scan. It helps you understand why a specific plugin did or did not produce results for a target host by revealing underlying details, such as unmet plugin dependencies, authentication failures, or execution errors.

Note: The audit trail does not track modifications to scan results or log user activity (such as who launched a scan).

Audit trails are enabled by default in scan configurations. Use the following steps to configure a scan's audit trail:

Before you begin:

Ensure the Include Audit Trail Data advanced setting is enabled in Tenable Nessus.

To configure an audit trail:

In the top navigation bar, click Scans.
Do one of the following:
- In the upper-right corner of the page, click New Scan.
- Open an existing scan. Then, click Configure.
In the scan settings menu, click Advanced.
In the Debug Settings section, ensure that Audit Trail Verbosity is set to All audit trail data (default) or Only scan errors, depending on your organization's needs.
Click Save.

Tenable Nessus saves the audit trail configuration.

To view an audit trail after a scan completes:

In the top navigation bar, click Scans.

The My Scans page appears.
(Optional) In the left navigation bar, click a different folder.
On the scans table, click the scan for which you want to configure an audit trail.

The scan results appear.
In the upper right corner, click the Audit Trail button.

The Audit Trail window appears.
In the Plugin ID box, type the plugin ID used by one or more scans.

and/or

In the Host box, type the hostname for a detected host.
Click the Search button.

A list appears and shows the results that match the criteria that you entered in one or both boxes.