Nessus: Tuning Guide

Table of Contents

• Uploading Custom Audit Files

Uploading Custom Audit Files

Audit Files are security baselines you want to measure a machine against.

1. Download the .xml or .audit file from DISA, NVD, CIS, Tenable
2. Unzip the .xml or .audit file
3. Click-on “Scans > Audit Files”
4. Click-on “Add an Audit File” or “+ Add” (top-right)
5. Select “Advanced”
6. Provide the following details and click-on “Submit”
   • Name: DISA Microsoft Windows 2012 and 2012 R2 DC STIG v2r19
   • Description: A tool to improve the security of Department of Defense (DoD) information systems.
   • Audit File: ` U_MS_Windows_2012_and_2012_R2_DC_V2R19_STIG_SCAP_1-2_Benchmark.xml`

References

• DISA STIGs Document Library
• NIST National Vulnerabiltiy Database
• CIS Benchmarks
• Compliance & Audit Files
• Tenable.sc - “Add a Custom Audit File”
• Tenable Community - “How to upload Custom STIG file in Nessus Professional”