Building a Nessus Test

Building a new Nessus Test Case is straight forward. First, create a scan policy within Nessus. If you have a specific audit file that you would like to use (ex: one downloaded from the IASE website), you must first upload it into Nessus. Instructions for uploading an audit file and creating a scan policy in Nessus can be found in the following document. Note that the profile chosen will be based on your system's MAC level (e.g., MAC-2_Sensitive).

Once a new scan policy is created, you must download it from Nessus. Additionally, you have to download an example Nessus Test asset from CONS3RT. After the two files are downloaded, unzip the Nessus Test and rename the folder to something that makes sense to you (e.g., Nessus_RHEL_6_STIG). Follow these steps after unzipping the Nessus Test asset:

  1. Replace the .nessus file in the “config” directory with the scan policy you created
  2. Update the file in the “config” directory with the name of the Nessus policy file you just created. The nessusPolicy field must reference the exact name of the policy file you placed in the “config” directory.
  3. Update the following fields in the file
  4. name - Name the test something simple that represents the scan policy (e.g., RHEL 6 STIG
  5. description - Describe what the test will do in enough detail such that other users could understand what the test will accomplish
  6. pocEmail, pocName, pocOrganization - Put your information in these fields so that other users could reach out to you for questions if they were to use the test case
  7. Update the README file
  8. Zip the entire Nessus Test directory and upload to CONS3RT by using the “Import test asset” button in the Tests portion of the asset library

If everything was done correctly you will get a notification that your test asset was imported successfully. At that time you can begin using your new Nessus Test asset.