Nessus Audits checks

Audit checks on nessus are the one of my works that i implemented and using for local scans. Using audit feature you have subscribe direct feed.As most of you may think getting plugins 1 week later no problem at all, in my opinion using audit checks really force your controls and make less talks to system owners.

We use local audit checks with two nessus server and scan 400+ servers in 4 times a year .Audit checks performs checking our domain policy on servers , application/web server related controls and also some specific *nix box controls. the scripting language is not alike nasl-naslv2. it has a new and basic syntax.In tenable site you can download prepared ready audits or compliance check tools for preparing some windows base domain policy checks.

Here are some examples that i implement for IIS auditing =>


type: REGISTRY_SETTING
description: "Enable Non UTF-8 control."
value_type: POLICY_DWORD
value_data: 0
reg_key: "HKLM\System\CurrentControlSet\Services\HTTP\Parameters"
reg_item: "EnableNonUTF8"
reg_type: REG_DWORD



type: FILE_CONTENT_CHECK
description: "Encode Weblogs in UTF8 control"
value_type: POLICY_TEXT
value_data: "C:\WINDOWS\system32\inetsrv\MetaBase.xml"
regex: "LogInUTF8=.*"
expect: "LogInUTF8="TRUE""