August 1, 2006
Today, Tenable released two new plugins for Nessus 3 that can audit the configuration of a remote UNIX or Windows system and report which systems are compliant / not compliant with a user-definable security policy.
These plugins are different from other typical NASL checks as they check for configuration settings, not vulnerabilities, and they are available to any Nessus Direct Feed or Security Center user.
To take advantage of these plugins, one needs to define its security policy into a ".audit" file and select it from within a scan policy. The documentation can be found here. There are also tools available to convert a Windows .inf file into an .audit file, or to capture your current Windows configuration as an .audit file. Ron Gula wrote an entry about these checks on Tenable's blog.
Tenable™, Inc. is the Cyber Exposure company. Over 23,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors. Learn more at tenable.com.