TOC & Recently Viewed

Recently Viewed Topics

Plugin Settings Section

The Plugin Settings section allows the user create custom plugins and also to enable and disable existing plugins and PASLs.

The Plugin Settings section contains the following subsections:

  • Plugin Management: displays a list each of enabled and disabled plugins, respectively, the options to move plugins between those lists, and the option to delete custom plugins.
  • PASL Management: displays a list each of enabled and disabled PASLs, respectively, and the options to move PASLs between those lists.
  • Create Custom Plugin: displays options for creating custom plugins and creating new plugin fields.

The following table provides a brief summary of each plugin field available for creating custom plugins.

Custom Plugin Field Purpose

ID

Unique numeric ID of the plugin.

Name

Name of the plugin. The plugin name should start with the vendor name.

Description

Full text description of the vulnerabilitiy.

Synopsis

Brief description of the plugin or vulnerability.

Solution

Remediation information for the vulnerability.

See Also

External references to additional information regarding to the vulnerability.

Risk

Info, Low, Medium, High, or Critical risk factor.

Plugin Output

Displays dynamic data in PVS plugin reports.

Family

Family to which the plugin belongs.

Dependency

Other dependencies required to trigger the custom plugin.

NoPlugin

Prevents a plugin from being evaluated if another plugin has already matched. For example, it may make sense to write a plugin that looks for a specific anonymous FTP vulnerability, but disable it if another plugin that checked for anonymous FTP had already failed.

No Output

For plugins that are written specifically to be used as part of a dependency with another plugin. When enabled, this keyword causes PVS not to report anything for any plugin.

Client Issue

Indicates the vulnerability is located on the client side.

Plugin Type

Vuln, realtime, or realtimeonly plugin type.

cve

CVE reference.

bid

Bugtraq ID (BID) reference.

osvdb

External reference (e.g., OSVDB, Secunie, MS Advisory).

nid

To track compatibility with the Nessus vulnerability scanner, Tenable associates PVS vulnerability checks with relevant Nessus vulnerability checks. Multiple Nessus IDs can be listed under one nid entry such as nid=10222,10223.

cpe

Filters the result of discovered vulnerabilities based on their CPE identifier.

Match

This keyword specifies a set of one or more simple ASCII patterns that must be present in order for the more complex pattern analysis to take place. The match keyword gives PVS a lot of its performance and functionality.

Regex

Specifies a complex regular expression search rule applied to the network session.

Revision

Revision number associated with custom plugin.

Raw Text Preview

A preview of the custom plugin in raw text. Example of a custom plugin created to find a IMAP Banner of Tenable Rocks:

id=79000

name=IMAP Banner

description=An IMAP server is running on this port. Its banner is Tenable Rocks

risk=NONE

match=OK

match=IMAP

match=server ready

regex=^.*OK.*IMAP.*Tenable Rocks

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.