Plugin Settings Section
The Plugin Settings section allows you to create custom, passive plugins, enable/disable existing plugins and PASLs, and modify the SIEM core queries.
The Plugin Settings section contains the following subsections:
- Plugin Management - Provides a list of enabled and disabled plugins, respectively, the options to move plugins between those lists
- PASL Management - Provides a list of enabled and disabled PASLs, respectively, and the options to move PASLs between those lists.
-
SIEM Plugin Management - Shows options for managing plugins related to SIEM analysis.
Note: SIEM analysis features are only available for RH/CentOS 7 and RH/CentOS 8.The following table provides a brief summary of each SIEM plugin setting:
SIEM Plugin Option Purpose Key Name The SIEM event category for events collected from a Windows or Linux system. Plugin IDs The plugin IDs associated with the selected SIEM event category/Key Name. SIEM Server The SIEM server related to the plugin. The options for this box are configured in the SIEM Servers section of the Tenable Nessus Network Monitor Settings Section. Query Prefix (Optional) The custom query prefix for additional query functionality. Core Query The system-generated query related to the selected Key Name. This query is not configurable. Query Suffix (Optional) The custom query suffix for additional query functionality. -
Create Custom Plugin - Shows options for creating custom plugins and creating new plugin fields.
The following table provides a brief summary of each custom plugin option:
Custom Plugin Option Purpose ID
The unique numeric ID of the plugin.
Name
The name of the plugin. The plugin name should start with the vendor name.
Description
The full text description of the vulnerability.
Synopsis
A brief description of the plugin or vulnerability.
Solution
Remediation information for the vulnerability.
See Also
External references to additional information regarding the vulnerability.
Risk
Info, Low, Medium, High, or Critical risk factor.
Plugin Output
Displays dynamic data in Tenable Nessus Network Monitor plugin reports.
Family
The family to which the plugin belongs.
Dependency
Other dependencies required to trigger the custom plugin.
NoPlugin
Prevents a plugin from being evaluated if another plugin has already matched. For example, it may make sense to write a plugin that looks for a specific anonymous FTP vulnerability, but to disable it if another plugin that checked for anonymous FTP had already failed.
No Output
For plugins that are written specifically to be used as part of a dependency with another plugin. When enabled, this keyword causes Tenable Nessus Network Monitor not to report anything for any plugin.
Client Issue
Indicates the vulnerability is located on the client side.
Plugin Type
Vuln, realtime, or realtimeonly plugin type.
cve
The CVE reference.
bid
The Bugtraq ID (BID) reference.
osvdb
The external reference (e.g., OSVDB, Secunie, MS Advisory).
nid
To track compatibility with the Tenable Nessus vulnerability scanner, Tenable® associates Tenable Nessus Network Monitor vulnerability checks with relevant Tenable Nessus vulnerability checks. Multiple Tenable Nessus IDs can be listed under one
nidentry such asnid=10222,10223.cpe
Filters the result of discovered vulnerabilities based on their CPE identifier.
Match
This keyword specifies a set of one or more simple ASCII patterns that must be present in order for the more complex pattern analysis to take place. The
matchkeyword gives Tenable Nessus Network Monitor significant performance and functionality.Regex
Specifies a complex regular expression search rule applied to the network session.
Revision
The revision number associated with custom plugin.
Raw Text Preview
A preview of the custom plugin in raw text. An xample of a custom plugin created to find a IMAP Banner of Tenable Rocks is:
id=79000
name=IMAP Banner
description=An IMAP server is running on this port. Its banner is Tenable Rocks
risk=NONE
match=OK
match=IMAP
match=server ready
regex=^.*OK.*IMAP.*Tenable Rocks