TOC & Recently Viewed

Recently Viewed Topics

Conditions

It is possible to define if/then/else logic in the Check Point audit policy. This allows the end-user to use a single file that is able to handle multiple configurations.

The syntax to perform conditions is the following:

<if>

<condition type:"or">

< Insert your audit here >

</condition>

<then>

< Insert your audit here >

</then>

<else>

< Insert your audit here >

</else>

</if>

Example:

<if>

<condition type: "OR">

<custom_item>

type: CONFIG_CHECK

description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"

regex: "set net-access telnet"

expect: "set net-access telnet off"

info: "Do not use plain-text protocols."

</custom_item>

</condition>

<then>

<report type: "PASSED">

description: "Telnet is disabled"

</report>

</then>

<else>

<custom_item>

type: CONFIG_CHECK

description: "2.6 Install and configure Encrypted Connections to devices - 'telnet'"

regex: "set net-access telnet"

expect: "set net-access telnet off"

info: "Do not use plain-text protocols."

</custom_item>

</else>

</if>

The condition never shows up in the report - that is, whether it fails or passes it won’t show up (it’s a “silent” check).

Conditions can be of type “and” or “or”.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.