There are several trade-offs that any organization needs to consider when modifying the default
.audit files and testing them on live networks:
- Which extensions should we search for?
- How much data should be scanned?
.audit files do not require the
max_size keyword. In this case, Nessus attempts to retrieve the entire file and will continue unless it has a match on a pattern. Since these files traverse the network, there is more network traffic with these audits than with typical scanning or configuration auditing.
If multiple Nessus scanners are being managed by Tenable.sc, the data only needs to travel from the scanned Unix host to the scanner performing the vulnerability audit.