TOC & Recently Viewed

Recently Viewed Topics

Conditions

It is possible to define if/then/else logic in the Cisco audit policy. This allows the end-user to return a warning message rather than pass/fail in case an audit passes.

The syntax to perform conditions is the following:

<if>

<condition type: "or">

<Insert your audit here>

</condition>

<then>

<Insert your audit here>

</then>

<else>

<Insert your audit here>

</else>

</if>

Example

<if>

<condition type: "AND">

<item>

type: CONFIG_CHECK

description: "Forbid Auxiliary Port"

info: "Verify the EXEC process is disabled on the auxiliary (aux) port."

context: "line aux "

item: "no exec"

</item>

<item>

type: CONFIG_CHECK_NOT

description: "Forbid Auxiliary Port"

info: "Verify the EXEC process is disabled on the auxiliary (aux) port."

context: "line aux "

item: "transport input [^n][^o]?[^n]?[^e]?$"

</item>

</condition>

<then>

<report type: "PASSED">

description: "Forbid Auxiliary Port"

info: "Verify the EXEC process is disabled on the auxiliary (aux) port."

</report>

</then>

<else>

<report type: "FAILED">

description: "Forbid Auxiliary Port"

info: "Verify the EXEC process is disabled on the auxiliary (aux) port."

</report>

</else>

</if>

Whether the condition fails or passes never shows up in the report because it is a “silent” check.

Conditions can be of type “and” or “or”.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.