Plugin Rules

Required user role when using Tenable Nessus Manager: Standard, Administrator, or System Administrator

Plugin rules allow you to re-prioritize the severity of plugin results to better account for your organization’s security posture and response plan.

The Plugin Rules page allows you to hide or change the severity of any given plugin. In addition, you can limit rules to a specific host or specific timeframe. From this page you can view, create, edit, and delete your rules.

Note: You cannot apply custom plugin rules to PCI templates.

You can configure the following options for a plugin rule:

Option Description
Host

The host that the plugin rule applies to. You can enter a single IP address or DNS address, or you can leave the box blank to apply the rule to all hosts.

The Host option must follow the same formatting as the Designate hosts by their DNS name setting. In other words, if you disabled the setting, enter an IP address for Host. If you have the setting enabled, enter a DNS address for Host.

Note: If the plugin is enabled in two different scan configurations that have conflicting Designate hosts by their DNS name settings, Tenable recommends creating two separate plugin rules for the plugin: one rule for the IP address, and one rule for the DNS address.
Plugin ID The plugin that the plugin rule applies to.
Expiration Date (Optional) The date on which the plugin rule ages out.
Severity The severity that Nessus assigns the plugin while the plugin rule is active.

Use the following procedures to manage plugin rules:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Plugin Rules.

  3. In the upper right corner, click the New Rule button.

    The New Rule window appears.

  4. Configure the settings.

  5. Click the Save button.

    Tenable Nessus saves the plugin rule.

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Plugin Rules.

  3. On the plugin rules table, select the plugin rule that you want to modify.

    The Edit Rule window appears.

  4. Modify the settings as necessary.

  5. Click the Save button.

    Tenable Nessus saves the settings.

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Plugin Rules.

  3. On the plugin rules table, in the row for the plugin that you want to modify, click the button.

    A dialog box appears, confirming your selection to delete the plugin rule.

  4. Click the Delete button.

    Tenable Nessus deletes the plugin rule.

Example Plugin Rule

Host: 192.168.0.6

Plugin ID: 79877

Expiration Date: 12/31/2022

Severity: Low

This example rule applies to scans performed on IP address 192.168.0.6. Once saved, this plugin rule changes the default severity of plugin ID 79877 (CentOS 8: rpm (CESA-2014:1976) to a severity of low until 12/31/2022. After 12/31/2022, the results of plugin ID 79877 returns to its critical severity.