Add a Custom Audit File

Required User Role: Organizational user with appropriate permissions. For more information, see User Roles.

You can add custom audit files to upload any of the following:

  • a Tenable-created audit file downloaded from the Tenable downloads page.
  • a Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (e.g., https://nvd.nist.gov/ncp/repository).

    The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.

    Note: XCCDF standalone content audit files lack automated checks and do not return scan results in Tenable Security Center.

  • a custom audit file created or customized for a specific environment. For more information, see the knowledge base article.

For more information, see Audit Files.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.

Before you begin:

  • Download or prepare the file you intend to upload.

To add a custom audit file or SCAP Data Stream file:

  1. Log in to Tenable Security Center Director via the user interface.

  2. In the left navigation, click Audit Files.

    The Audit Files page appears.

  3. Click Add

    The Audit File Templates page appears.

  4. In the Other section, click the Advanced tile.

  5. In the Name box, type a descriptive name for the audit file.
  6. In the Description box, type a description for the audit file.
  7. Click Choose File and browse to the Audit File you want to upload.

    The system uploads the file. If you uploaded a SCAP Data Stream file, additional options appear.

  8. If you uploaded a Data Stream file with full SCAP content, continue configuring options for the file:
    1. If you uploaded SCAP 1.2 content or later, in the Data Stream Name box, select the Data Stream identifier found in the SCAP 1.2 Data Stream content.
    2. In the Benchmark Type box, select the operating system that the SCAP content targets.
    3. In the Benchmark Name box, select the benchmark identifier found in the SCAP XCCDF component.
    4. In the Profile box, select the benchmark profile identifier found in the SCAP XCCDF component.
  9. Click Submit.

    Tenable Security Center Director saves your configuration.

What to do next:

  • Reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.