AUDIT_XML Check

The AUDIT_XML check pulls XML data from the target, transforms it, and provides the result based on the evaluation criteria.

Usage

<custom_item>

type : AUDIT_XML

description : ["description"]

request : ["api endpoint"]

xslt_stmt : ["xsl transformation"]

(optional) regex : ["regular expression"]

expect : ["regular expression of text that needs to be found"]

not_expect : ["regular expression of text that can not be found"]

(optional) check_option : [CAN_BE_NULL|CAN_NOT_BE_NULL]

(optional) match_all : [YES|NO]

(optional) match_case : [YES|NO]

</custom_item>

request

The request is the identification of the NetApp API endpoint that is queried to retrieve the data.

Example endpoint: "<volume-get-filer-info></volume-get-filer-info>"

xslt_stmt

The xslt_stmt is an XSL template transformation that is used to convert the returned API result into a block of text that can be evaluated.

The xslt_stmt can be a multi-line field, or multiple single-line fields. In the plugin, the multiple single lines are combined into a single multi-line value. If the xslt_stmt does not exist, or is empty, the check produces a FAILED/ERROR result that contains the original XML for debugging and development purposes.

regex

(Optional) The regex is used to filter the full configurations to a smaller set of lines of text based on the regular expression.

expect or not_expect

The evaluation is based on expect or not_expect. Use only one of these fields in a check.

  • For expect, if the regular expression matches a line of text, the check result is PASSED. If there are no matches, the check result is FAILED.
  • For not_expect, if the regular expression matches a line of text, the check result is FAILED. If there are no matches, the check result is PASSED.

check_option

The primary value used in check_option is CAN_BE_NULL. This option allows a check to produce a PASSED result when the data being evaluated is empty. The default is to require data to be returned.

match_all

Setting match_all to YES requires the item to match all lines of text, and not just a single line of text. If match_all is set to the default NO, only one line must match for the check to pass.

match_case

Setting match_case to YES makes the comparison case sensitive. If match_case is set to the default NO, the comparison is case insensitive.

Example

<custom_item>

type : AUDIT_XML

description : "Telnet is disabled"

request : "<security-protocol-get><application>telnet</application></security-protocol-get>"

xsl_stmt : '<xsl:template match="/">Telnet: <xsl:value-of select="//security-protocol-info/enabled" /></xsl:template>'

expect : "Telnet: false"

</custom_item>
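The evaluation rules described on this page, modeled in Python as an added example (not Tenable's plugin code) that is applied to the text left after the XSL transformation. The names evaluate and SAMPLE are hypothetical, the sample text is constructed, and two behaviors the page does not specify are marked as assumptions in the comments.

```python
import re

# Constructed sample: text an xslt_stmt might emit, one line per item.
SAMPLE = "node-a Telnet: false\nnode-b Telnet: true"

def evaluate(text, expect=None, not_expect=None, regex=None,
             check_option=None, match_all="NO", match_case="NO"):
    """Return 'PASSED' or 'FAILED' for transformed text under the rules above."""
    # The page says to use only one of expect / not_expect in a check.
    if (expect is None) == (not_expect is None):
        raise ValueError("set exactly one of expect or not_expect")
    flags = 0 if match_case == "YES" else re.IGNORECASE
    lines = [ln for ln in text.splitlines() if ln.strip()]
    # Optional regex narrows the text to a smaller set of lines.
    # Assumption: match_case also governs this filter.
    if regex is not None:
        lines = [ln for ln in lines if re.search(regex, ln, flags)]
    # Data is required by default; CAN_BE_NULL lets empty data pass.
    # Assumption: missing data without CAN_BE_NULL is reported as FAILED.
    if not lines:
        return "PASSED" if check_option == "CAN_BE_NULL" else "FAILED"
    pattern = expect if expect is not None else not_expect
    hits = [re.search(pattern, ln, flags) is not None for ln in lines]
    if expect is not None:
        # match_all YES: every line must match; default NO: one is enough.
        ok = all(hits) if match_all == "YES" else any(hits)
    else:
        # not_expect: any matching line fails the check.
        ok = not any(hits)
    return "PASSED" if ok else "FAILED"

if __name__ == "__main__":
    print(evaluate("Telnet: false", expect="Telnet: false"))
    print(evaluate(SAMPLE, expect="Telnet: false", match_all="YES"))
    print(evaluate(SAMPLE, not_expect="Telnet: true"))
    print(evaluate("", expect="Telnet: false", check_option="CAN_BE_NULL"))
```

With the default match_all of NO, an expect check passes as soon as one line matches, so a multi-line result such as SAMPLE passes even though one line reports Telnet as enabled. Setting match_all to YES, or writing the check as not_expect, closes that gap.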

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.