There are several trade-offs that any organization needs to consider when modifying the default
.audit files and testing them on live networks:
- Which extensions should we search for?
- How much data should be scanned?
.audit files do not require the
max_size keyword. In this case, Nessus attempts to retrieve the entire file and will continue unless it has a match on a pattern. Since these files traverse the network, there is more network traffic with these audits than with typical scanning or configuration auditing.
If multiple Nessus scanners are being managed by a SecurityCenter, the data only needs to travel from the scanned Unix host to the scanner performing the vulnerability audit.