Plugin Settings Section

The Plugin Settings section allows you to create custom plugins and also to enable and disable existing plugins and PASLs.

The Plugin Settings section contains the following subsections:

  • Plugin Management: displays a list of enabled and disabled plugins, respectively, the options to move plugins between those lists, and the option to delete custom plugins.
  • PASL Management: displays a list of enabled and disabled PASLs, respectively, and the options to move PASLs between those lists.
  • Create Custom Plugin: displays options for creating custom plugins and creating new plugin fields.

The following table provides a brief summary of each option available in the Create Custom Plugins subsection:

Custom Plugin Option Purpose


The unique numeric ID of the plugin.


The name of the plugin. The plugin name should start with the vendor name.


The full text description of the vulnerability.


A brief description of the plugin or vulnerability.


Remediation information for the vulnerability.

See Also

External references to additional information regarding the vulnerability.


Info, Low, Medium, High, or Critical risk factor.

Plugin Output

Displays dynamic data in NNM plugin reports.


The family to which the plugin belongs.


Other dependencies required to trigger the custom plugin.


Prevents a plugin from being evaluated if another plugin has already matched. For example, it may make sense to write a plugin that looks for a specific anonymous FTP vulnerability, but to disable it if another plugin that checked for anonymous FTP had already failed.

No Output

For plugins that are written specifically to be used as part of a dependency with another plugin. When enabled, this keyword causes NNM not to report anything for any plugin.

Client Issue

Indicates the vulnerability is located on the client side.

Plugin Type

Vuln, realtime, or realtimeonly plugin type.


The CVE reference.


The Bugtraq ID (BID) reference.


The external reference (e.g., OSVDB, Secunie, MS Advisory).


To track compatibility with the Nessus vulnerability scanner, TenableĀ® associates NNM vulnerability checks with relevant Nessus vulnerability checks. Multiple Nessus IDs can be listed under one nid entry such as nid=10222,10223.


Filters the result of discovered vulnerabilities based on their CPE identifier.


This keyword specifies a set of one or more simple ASCII patterns that must be present in order for the more complex pattern analysis to take place. The match keyword gives NNM significant performance and functionality.


Specifies a complex regular expression search rule applied to the network session.


The revision number associated with custom plugin.

Raw Text Preview

A preview of the custom plugin in raw text. An xample of a custom plugin created to find a IMAP Banner of Tenable Rocks is:


name=IMAP Banner

description=An IMAP server is running on this port. Its banner is Tenable Rocks




match=server ready

regex=^.*OK.*IMAP.*Tenable Rocks