Snowflake KB_VALUE

The KB_VALUE check fetches data from the Knowldegebase (KB) and analyzes the output with regular expressions to identify if the data associated with the provided path matches the expected output. A KB is created for each target during a Tenable Nessus scan and is the collected information that is shared with other plugins.

Usage

Copy

<custom_item>
  type : KB_VALUE
  description : ["description"]
  kb_path : ["kb path to check"]
  (optional) regex : ["regular expression to reduce options"]
  expect : ["regular expression that passes if found"]
  (optional) kb_path_required : [YES|NO]
  (optional) match_all : [YES|NO]
  (optional) match_case : [YES|NO]
</custom_item>

kb_path

The kb_path is the path to the kb value(s) to be evaluated.

regex

(Optional) The regex is used to filter the full configurations to a smaller set of lines of text based on the regular expression. You can use multiple regex to narrow down the searchable configuration.

expect

For expect, if the regular expression matches a line of text, the check results as PASSED. If there are no matches, the check results as FAILED.

To indicate if all lines need to match or that lines are case-sensitive, use the modifiers match_all or match_case.

kb_path_required

(Optional) The kb_path_required field can be set to specify if the audited kb_path is required to be present or not. If this option is not set, it is assumed it is required.

match_all

(Optional) Setting match_all to YES requires the expectation to match all lines of text, and not just a single line of text. If match_all is set to the default of NO, only one line must match for the check to pass.

match_case

(Optional) Setting match_case to YES makes the comparison to be case sensitive. If match_case is set to the default of NO, the comparison is case insensitive.

Example

Copy

<custom_item>
  type        : KB_VALUE
  description : "Check port"
  kb_path     : "public/port*"
  regex       : "[0-9]+"
  expect      : "443"
</custom_item>