August 1, 2006
Today, Tenable released two new plugins for Nessus 3 that can audit the configuration of a remote UNIX or Windows system and report which systems are compliant / not compliant with a user-definable security policy.
These plugins are different from other typical NASL checks as they check for configuration settings, not vulnerabilities, and they are available to any Nessus Direct Feed or Security Center user.
To take advantage of these plugins, one needs to define its security policy into a ".audit" file and select it from within a scan policy. The documentation can be found here. There are also tools available to convert a Windows .inf file into an .audit file, or to capture your current Windows configuration as an .audit file. Ron Gula wrote an entry about these checks on Tenable's blog.
Tenable transforms security technology for the business needs of tomorrow through comprehensive solutions that provide continuous visibility and critical context, enabling decisive actions to protect your organization. Tenable eliminates blind spots, prioritizes threats, and reduces exposure and loss. With more than one million users and more than 21,000 customers worldwide, organizations trust Tenable for proven security innovation. Tenable customers range from Fortune Global 500 companies, to the global public sector, to mid-sized enterprises in all sectors, including finance, government, healthcare, higher education, retail and energy. Transform security with Tenable, the creators of Nessus and leaders in continuous monitoring, by visiting tenable.com.
(410) 872-0555 x1559