August 1, 2006
Today, Tenable released two new plugins for Nessus 3 that can audit the configuration of a remote UNIX or Windows system and report which systems are compliant / not compliant with a user-definable security policy.
These plugins are different from other typical NASL checks as they check for configuration settings, not vulnerabilities, and they are available to any Nessus Direct Feed or Security Center user.
To take advantage of these plugins, one needs to define its security policy into a ".audit" file and select it from within a scan policy. The documentation can be found here. There are also tools available to convert a Windows .inf file into an .audit file, or to capture your current Windows configuration as an .audit file. Ron Gula wrote an entry about these checks on Tenable's blog.
Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 20 percent of the Global 2000 and large government agencies. Learn more at tenable.com.