Upload a Custom Audit File

When you configure the Compliance settings of a Nessus scan, you can upload the following custom audit files:

  • A Tenable-created audit file downloaded from the Tenable downloads page.
  • A Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (for example, https://ncp.nist.gov/repository).

    The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.

  • A custom audit file created or customized for a specific environment. For more information, see the Nessus Compliance Checks Reference.

Before you begin:

  • Download or prepare the file you intend to upload.

    Note: Unlike standard audit files, you cannot configure custom audit file variable parameters in the Tenable Nessus user interface. To do this, you must edit the parameters directly in the audit file before uploading to Tenable Nessus.

    For example, when you upload a standard CIS CentOS 6 Server L1 v3.0.0 audit file to Tenable Nessus, the user interface allows you to configure a parameter named Network Time.

    If you want to change Network Time from its default value in a custom audit file, search for that field in the custom audit file. You will find the field's variable name: NTP_SERVER.

    Next, search for @NTP_SERVER@. Enclose the variable name with "@"s when performing this search.

    You will find four locations:

    • regex : "^[\\s]*server[\\s]+@NTP_SERVER@[\\s]*$"

    • expect: "^[\\s]*server[\\s]+@NTP_SERVER@[\\s]*$"

    • regex : "^[\\s]*server[\\s]+@NTP_SERVER@"

    • expect: "^[\\s]*server[\\s]+@NTP_SERVER@"

    Update the value you want to change directly in the audit file (192.0.2.0 in this example):

    • regex : "^[\\s]*server[\\s]+192.0.2.0[\\s]*$"

    • expect: "^[\\s]*server[\\s]+192.0.2.0[\\s]*$"

    • regex : "^[\\s]*server[\\s]+192.0.2.0"

    • expect: "^[\\s]*server[\\s]+192.0.2.0"

    Perform this search and replace process for all variables that you want to change from the default values.

To upload a custom audit file:

  1. Log in to the Tenable Nessus user interface.

  2. In the top navigation bar, click Scans.

    The My Scans page appears.

  3. In the upper right corner, click the New Scan button.

    The Scan Templates page appears.

  4. Click the scan template that you want to use.

    The scan settings page appears.

  5. Open the Compliance tab.

  6. In the Filter Compliance box, type custom.

    A list of the custom audit file types that you can upload appears.

  7. Select the custom audit file type that you want to upload.

    An Upload a custom audit file pane appears.

  8. Click Add File. Select the custom audit file to upload from your machine.

    Depending on the audit type, you may need to configure additional settings once you upload the custom audit.

  9. Do one of the following:

    • To launch the scan immediately, click the down button, and then click Launch.

      Tenable Nessus saves and launches the scan.

    • To launch the scan later, click the Save button.

      Tenable Nessus saves the scan.