Add a Custom Audit File
Required User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.
You can add custom audit files to upload any of the following:
- a Tenable-created audit file downloaded from the Tenable downloads page.
a Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (e.g., https://nvd.nist.gov/ncp/repository).
The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.
Note: XCCDF standalone content audit files lack automated checks and do not return scan results in Tenable.sc.
- a custom audit file created or customized for a specific environment. For more information, see the knowledge base article.
For more information, see Audit Files.
Before you begin:
Download or prepare the file you intend to upload.
To add a custom audit file or SCAP Data Stream file:
Log in to Tenable.sc via the user interface.
Click Scanning > Audit Files (administrator users) or Scans > Audit Files (organizational users).
The Audit Files page appears.
The Add Audit File page appears.
In the Custom section, click the Advanced tile.
- In the Name box, type a descriptive name for the audit file.
- In the Description box, type a description for the audit file.
Click Choose File and browse to the Audit File you want to upload.
The system uploads the file. If you uploaded a SCAP Data Stream file, additional options appear.
- If you uploaded a Data Stream file with full SCAP content, continue configuring options for the file:
- If you uploaded SCAP 1.2 content or later, in the Data Stream Name box, select the Data Stream identifier found in the SCAP 1.2 Data Stream content.
- In the Benchmark Type box, select the operating system that the SCAP content targets.
- In the Benchmark Name box, select the benchmark identifier found in the SCAP XCCDF component.
- In the Profile box, select the benchmark profile identifier found in the SCAP XCCDF component.
(Optional) If you want to define benchmark tailoring separately from the SCAP XCCDF benchmark, click Choose File and browse to the Tailoring File you want to upload.
The system uploads the file.
What to do next:
- Reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.