TOC & Recently Viewed

Recently Viewed Topics


This policy item checks if the service ACL is correct. The check is performed by calling the function QueryServiceObjectSecurity on the service handle.




description: ["description"]

value_type: [value_type]

value_data: [value]

(optional) check_type: [value]

service: ["servicename"]

(optional) acl_option: [acl_option]


The allowed type is:

value_type: SERVICE_ACL

value_data: "ACLname"

service: "ServiceName"

When using this audit type, please note the following:

  • The value_data field is the name of the ACL defined in the policy file.
  • The acl_option field can be set to CAN_BE_NULL or CAN_NOT_BE_NULL to force a success/error if the key does not exist.
  • The acl_allow and acl_deny fields correspond to “Successful” and “Failed” audit events.


Here is an example .audit file for auditing the “Alerter” service:



description: "Audit for Alerter Service"

value_type: SERVICE_ACL

value_data: "ACL3"

service: "Alerter"


Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.