Manage Audit Files

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

Add a Template-Based Audit File

You can add template-based audit files using templates embedded within Tenable Security Center. Tenable updates these templates regularly through the Tenable Security Center feed.

For more information, see Audit Files.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.

To add a template-based audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Audit Files (administrator users) or Scans > Audit Files (organizational users).

    The Audit Files page appears.

  3. Click Add

    The Audit File Templates page appears.

  4. In the Common section, click a template category tile.

    The Add Audit Template page appears.

  5. In the Name box, type a name for the audit file.

  6. (Optional) In the Description box, type a description for the audit file.

  7. (Optional) Edit the template-specific options if you do not want to use the default values.

  8. Click Submit.

    Tenable Security Center saves your configuration.

What to do next:

  • Reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.

Add a Custom Audit File

You can add custom audit files to upload any of the following:

  • a Tenable-created audit file downloaded from the Tenable downloads page.

  • a Security Content Automation Protocol (SCAP) Data Stream file downloaded from a SCAP repository (e.g., https://nvd.nist.gov/ncp/repository).

    The file must contain full SCAP content (Open Vulnerability and Assessment Language (OVAL) and Extensible Configuration Checklist Description Format (XCCDF) content) or OVAL standalone content.

    Note: XCCDF standalone content audit files lack automated checks and do not return scan results in Tenable Security Center.

  • a custom audit file created or customized for a specific environment. For more information, see the knowledge base article.

For more information, see Audit Files.

Note: The maximum number of audit files you can include in a single Policy Compliance Auditing scan is limited by the total runtime and memory that the audit files require. Exceeding this limit may lead to incomplete or failed scan results. To limit the possible impact, Tenable recommends that audit selection in your scan policies be targeted and specific for the scan's scope and compliance requirements.

Before you begin:

  • Download or prepare the file you intend to upload.

To add a custom audit file or SCAP Data Stream file:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Scanning > Audit Files (administrator users) or Scans > Audit Files (organizational users).

    The Audit Files page appears.

  3. Click Add

    The Audit File Templates page appears.

  4. In the Other section, click the Advanced tile.

  5. In the Name box, type a descriptive name for the audit file.

  6. In the Description box, type a description for the audit file.

  7. Click Choose File and browse to the Audit File you want to upload.

    The system uploads the file. If you uploaded a SCAP Data Stream file, additional options appear.

  8. If you uploaded a Data Stream file with full SCAP content, continue configuring options for the file:

    1. If you uploaded SCAP 1.2 content or later, in the Data Stream Name box, select the Data Stream identifier found in the SCAP 1.2 Data Stream content.

    2. In the Benchmark Type box, select the operating system that the SCAP content targets.

    3. In the Benchmark Name box, select the benchmark identifier found in the SCAP XCCDF component.

    4. In the Profile box, select the benchmark profile identifier found in the SCAP XCCDF component.

  9. Click Submit.

    Tenable Security Center saves your configuration.

What to do next:

  • Reference the audit file in a template-based Policy Compliance Auditing scan policy or a custom scan policy. For more information about compliance options in custom scan policies, see Compliance Options.

View Audit File Details

For more information, see Audit Files.

To view details for an audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Audit Files.

    The Audit Files page appears.

  3. To filter the audit files that appear on the page, apply a filter as described in Apply a Filter.

  4. Click View.

    The View Audit File page appears.

  5. Right-click the row for the audit file.

    The actions menu appears.

    -or-

    Select the check box for the audit file.

    The available actions appear at the top of the table.

Edit or Replace Audit Files

For more information, see Audit Files.

To edit or replace an audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Audit Files.

    The Audit Files page appears.

  3. To filter the audit files that appear on the page, apply a filter as described in Apply a Filter.

  4. Right-click the row for the audit file.

    The actions menu appears.

    -or-

    Select the check box for the audit file.

    The available actions appear at the top of the table.

  5. Click Edit.

    The Edit Audit File page appears.

  6. To edit the name or description, type a new Name or Description.

  7. To replace the audit file, click the delete button (delete) next to the file and upload a new audit file.

  8. Click Submit.

    Tenable Security Center saves your configuration.

Share or Revoke Access to Audit Files

For more information, see Audit Files.

To share or revoke access to an audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Audit Files.

    The Audit Files page appears.

  3. To filter the audit files that appear on the page, apply a filter as described in Apply a Filter.

  4. Right-click the row for the audit file.

    The actions menu appears.

    -or-

    Select the check box for the audit file.

    The available actions appear at the top of the table.

  5. Click Share.

  6. Share or revoke access for each group in your organization.

  7. Click Submit.

    Tenable Security Center saves your configuration.

Export Audit Files

For more information, see Audit Files.

To export an audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Audit Files.

    The Audit Files page appears.

  3. To filter the audit files that appear on the page, apply a filter as described in Apply a Filter.

  4. Right-click the row for the audit file.

    The actions menu appears.

    -or-

    Select the check box for the audit file.

    The available actions appear at the top of the table.

  5. Click Export.

    Tenable Security Center exports the audit file.

Delete Audit Files

For more information, see Audit Files.

To delete an audit file:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scans > Audit Files.

    The Audit Files page appears.

  3. To filter the audit files that appear on the page, apply a filter as described in Apply a Filter.

  4. Right-click the row for the audit file.

    The actions menu appears.

    -or-

    Select the check box for the audit file.

    The available actions appear at the top of the table.

  5. Click Delete.

    A confirmation window appears.

  6. Click Delete.

    Tenable Security Center deletes the audit file.