Performance Considerations
There are several trade-offs that any organization needs to consider when modifying the default .audit
files and testing them on live networks:
- Which extensions should we search for?
- How much data should be scanned?
The .audit
files do not require the max_size
keyword. In this case, Nessus attempts to retrieve the entire file and will continue unless it has a match on a pattern. Since these files traverse the network, there is more network traffic with these audits than with typical scanning or configuration auditing.
If multiple Nessus scanners are being managed by Tenable Security Center, the data only needs to travel from the scanned Unix host to the scanner performing the vulnerability audit.