Add a Custom Audit File
Required User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.
You can add custom audit files to upload any of the following:
- a Tenable-created audit file downloaded from the Tenable downloads page.
a Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (e.g., https://nvd.nist.gov/ncp/repository).
The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.
Note: XCCDF standalone content audit files lack automated checks and do not return scan results in Tenable.sc.
- a custom audit file created or customized for a specific environment. For more information, see the knowledge base article.
For more information, see Audit Files.
Before you begin:
Download or prepare the file you intend to upload.
To add a custom audit file or SCAP Data Stream file:
Log in to Tenable.sc via the user interface.
Click Scanning > Audit Files (administrator users) or Scans > Audit Files (organizational users).
The Audit Files page appears.
The Add Audit File page appears.
In the Custom section, click the Advanced tile.
- In the Name box, type a descriptive name for the audit file.
- In the Description box, type a description for the audit file.
Click Choose File and browse to the Audit File you want to upload.
The system uploads the file. If you uploaded a SCAP Data Stream file, additional options appear.
- If you uploaded a Data Stream file with full SCAP content, continue configuring options for the file:
- If you uploaded SCAP 1.2 content or later, in the Data Stream Name box, select the Data Stream identifier found in the SCAP 1.2 Data Stream content.
- In the Benchmark Type box, select the operating system that the SCAP content targets.
- In the Benchmark Name box, select the benchmark identifier found in the SCAP XCCDF component.
- In the Profile box, select the benchmark profile identifier found in the SCAP XCCDF component.
Tenable.scsaves your configuration.
What to do next:
- Reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.