Database Audit Plugin Decomposition

Summary

In an effort to simplify plugin operation and support for auditing database systems, the Database Compliance Checks plugin are being separated into individual database system plugins:

• IBM DB2 DB Compliance Checks
• Microsoft SQL Server DB Compliance Checks
• MySQL DB Compliance Checks
• Oracle DB Compliance Checks
• PostgreSQL DB Compliance Checks
• Sybase DB Compliance Checks

By placing the support for specific databases in their own plugin, we are able to better support required system prerequisites, communication, and troubleshooting during the scanning process.

The new database plugins will continue to use the current database credentials and will not require the creation of new credentials.

The syntax of the audit files that the new plugins run has been standardized and aligned with other content.

Potential Impacts:

The current Database Compliance Checks plugin will continue to be supported until July 1, 2024, and will be decommissioned after that time. All active content for the Database Compliance Checks Plugin has been converted to the new plugins, and the legacy content display name has been renamed to include the term “Sunset” . No new audit content will be published for the Database Compliance Checks Plugin. New audit content will be published for the technology specific plugins and not backported to the Database Compliance Checks Plugin.

With the new plugins having a different audit file format, for any customer that uses custom audit files, it is recommended to convert the content to the new plugin format. This will ensure the custom audit content uses a supported compliance plugin for the database being audited. A script that can assist in this process is available on the Tenable public GitHub site at https://github.com/tenable/audit_scripts/tree/master/db_audit_migrate. Assistance for the migration script will be available on the Tenable Communities Audit & Compliance site.

Additional information can be found at:

https://community.tenable.com/s/article/Database-Compliance-Plugin-Decomposition

Tenable Plugins

• 33814 - Database Compliance Checks (Deprecation targeting December 31, 2023)
• 148944 - PostgreSQL DB Compliance Checks
• 149309 - MySQL DB Compliance Checks
• 149375 - Oracle DB Compliance Checks
• 149647 - Microsoft SQL Server DB Compliance Checks
• 149648 - IBM DB2 DB Compliance Checks
• 150080 - Sybase DB Compliance Checks

Target Release Date

July 31, 2023