Performance Considerations

There are several trade-offs that any organization needs to consider when modifying the default .audit files and testing them on live networks:

  • Which extensions should we search for?
  • How much data should be scanned?

The .audit files do not require the max_size keyword. In this case, Nessus attempts to retrieve the entire file and will continue unless it has a match on a pattern. Since these files traverse the network, there is more network traffic with these audits than with typical scanning or configuration auditing.

If multiple Nessus scanners are being managed by a SecurityCenter, the data only needs to travel from the scanned Unix host to the scanner performing the vulnerability audit.