Forum Discussion
New Audit Attachments: Gold Image, XCCDF, and JSON Summary...
New Audit Attachments: Gold Image, XCCDF, and JSON
Summary
To support additional functionality and the export of compliance results, the following plugins have been developed:
Compliance Export Gold Image Audit (174791) - a plugin that gathers the results of an existing compliance scan results and creates a “gold” image audit using the “known good” feature. The expected use of this feature is to scan a baseline target in your infrastructure, and then use the resulting audit to scan the rest of the targets to gauge how closely they match the baseline. This will replace the functionality that was previously provided by the python script at https://github.com/tenable/audit_scripts/tree/master/baseline.
Compliance Export JSON (174790) - a plugin that gathers the results of an existing compliance scan and creates a JSON file attachment for each audit file that was executed on the scan targets. The JSON file will include data about the audit file, the scan, and the compliance results. The expected use of the files is to provide more precise export of compliance data from individual scan results.
Compliance Export XCCDF (174792) - a plugin that gathers the results of an existing compliance scan and provides the results as an XCCDF format. The expected use of these files is to be imported into tools like STIG Viewer. A single XCCDF will be attached to the plugin for each audit file that contains DISA references.
Each of these plugins will have to be enabled using the advanced general preferences found in the Policy Compliance Auditing and Advanced scan templates. The preferences names are:
- Generate gold image .audit
- Generate XCCDF result file
- Generate JSON result file
When the plugins are enabled and compliance results have been generated, the results will become available in the Vulnerability category with the files attached to the plugin results.
All preferences are turned off by default and recommended to only be used in instances where the attached files are required.
Target Release Date
Sep 15, 2023
Additional Notes
Initial release is for Nessus and Tenable Vulnerability Management only. The preferences will be added to Tenable Security Center at a later date.
8 Replies
Very interested in Tenable.SC as well.
Very interested in this capability in Security Center. Using the scripts has been challenging.
This sounds really exciting! Now the question I have is how will this work in a multi-tier environment?
We have SecurityCenters at multiple sites. Using remote repositories, we pull all the data to our central SecurityCenter for analysis. For now, we've been looking at the compliance plugins and exporting those with the API to import those into checklists.
Will these new plugins transfer over with the compliance files (XCCDF and/or JSON) so we can see them in the central Tenable.SC?
When we were using SCAP to generate XCCDF results, that was only downloadable on the remote TenableSC from the scan results screen. So we scrapped that and decided to use the audit files so we can at least see the configuration scan results in the plugins that were passed to us in remote repositories.
At this time, the capability is in Nessus and Tenable Vulnerability Management. There is requests to get the preferences exposed in Tenable Security Center and how it will work in there.
Yep... options were there, but plugins were not in the agent plugin packs. Fix should be released soon.
