Audit Files

The Tenable Nessus vulnerability scanner allows you to perform compliance audits of numerous platforms including (but not limited to) databases, Cisco, Unix, and Windows configurations as well as sensitive data discovery based on regex contained in audit files. Audit files are XML-based text files that contain the specific configuration, file permission, and access control tests to be performed. For more information, see Manage Audit Files.

After you create an audit file, you can reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.

For more information on compliance checks and creating custom audits, see the Compliance Checks Reference.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.

Compliance Results in Tenable Security Center

Compliance audit scans are not the same as vulnerability scans, although there can be some overlap. A compliance audit determines whether a system is configured in accordance with an established policy. Compliance check results do not evaluate the risk of non-compliant findings; severity correlations in Tenable Security Center are not a direct indication of threat level or risk. Review compliance check results thoroughly to assess their risk.

Tenable Nessus reports compliance check results as Pass, Warning, or Fail. Tenable Security Center maps these to its standard severity levels as follows:

Tenable Nessus Result

Tenable Security Center Severity

Pass

Info

Warning

Medium

Fail

High

When audit results are imported into Tenable Security Center after a scan completes, compliance audit plugins are assigned plugin numbers from a dedicated range (any value greater than 1,000,000). As a result, compliance plugin numbers may differ between Tenable Security Center instances.

Template-Based Audit Files

You can add template-based audit files using templates embedded within Tenable Security Center Director. Tenable updates these templates regularly through the Tenable Security Center feed.

For more information, see Add a Template-Based Audit File.

Custom Audit Files

You can add custom audit files to upload any of the following:

  • a Tenable-created audit file downloaded from the Tenable downloads page.
  • a Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (e.g., https://nvd.nist.gov/ncp/repository).

    The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.

    Note: XCCDF standalone content audit files lack automated checks and do not return scan results in Tenable Security Center.

  • a custom audit file created or customized for a specific environment. For more information, see the knowledge base article.

For more information, see Add a Custom Audit File.