Nessus Test Structure

Every Nessus Test Case consists of a Policy file and an optional Audit file. A scan policy consists of configuration options related to performing a vulnerability scan. These options include, but are not limited to:

  • Parameters that control technical aspects of the scan such as timeouts, number of hosts, type of port scanner, and more.
  • Granular scan specifications based on plugin family or individual plugin.
  • Compliance policy checks (Windows, Linux, Database, etc.), report verbosity, service detection scan settings, audit files, patch management systems, and more.

Audit files from the Information Assurance Support Environment (IASE) (http://iase.disa.mil/stigs/Pages/a-z.aspx) can be used in Nessus scans specific to your environment. Once the policies have been configured and included in a Nessus Test asset, they can be repeatedly used with little effort.
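
As an added example (not part of the original page or of the product's own code), the following Python reads a policy and reports the kinds of options listed earlier: scan parameters, plugin family and individual plugin selections, and whether compliance checks are enabled. It assumes the Policy file is a `.nessus` v2 XML export; the embedded policy is constructed sample data and the function name `summarize_policy` is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy in the .nessus v2 export layout (values are illustrative).
SAMPLE_POLICY = """<NessusClientData_v2>
 <Policy>
  <policyName>Example baseline</policyName>
  <Preferences>
   <ServerPreferences>
    <preference><name>max_hosts</name><value>30</value></preference>
    <preference><name>plugins_timeout</name><value>320</value></preference>
    <preference><name>port_range</name><value>default</value></preference>
   </ServerPreferences>
  </Preferences>
  <FamilySelection>
   <FamilyItem><FamilyName>Policy Compliance</FamilyName><Status>enabled</Status></FamilyItem>
   <FamilyItem><FamilyName>Web Servers</FamilyName><Status>mixed</Status></FamilyItem>
   <FamilyItem><FamilyName>Denial of Service</FamilyName><Status>disabled</Status></FamilyItem>
  </FamilySelection>
  <IndividualPluginSelection>
   <PluginItem><PluginId>10107</PluginId><Family>Web Servers</Family><Status>enabled</Status></PluginItem>
  </IndividualPluginSelection>
 </Policy>
</NessusClientData_v2>"""

def summarize_policy(xml_text):
    """Return scan parameters, family states and individually enabled plugins."""
    # Assumes a trusted, locally authored policy; use a hardened parser for untrusted XML.
    policy = ET.fromstring(xml_text).find("Policy")
    if policy is None:
        raise ValueError("no <Policy> element: not a policy export")
    prefs = {p.findtext("name"): p.findtext("value")
             for p in policy.iterfind("Preferences/ServerPreferences/preference")}
    families = {f.findtext("FamilyName"): f.findtext("Status")
                for f in policy.iterfind("FamilySelection/FamilyItem")}
    plugins = sorted(int(p.findtext("PluginId"))
                     for p in policy.iterfind("IndividualPluginSelection/PluginItem")
                     if p.findtext("Status") == "enabled")
    return {
        "name": policy.findtext("policyName"),
        "scan_parameters": prefs,
        "families": families,
        "enabled_plugins": plugins,
        # Compliance plugins live in the "Policy Compliance" family.
        "compliance_enabled": families.get("Policy Compliance") in ("enabled", "mixed"),
    }

if __name__ == "__main__":
    for key, value in summarize_policy(SAMPLE_POLICY).items():
        print(f"{key}: {value}")
```

Reviewing this summary before a policy is reused across Test Cases makes it easy to spot a disabled family or an unexpected timeout.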