In Tenable Security Center (SC), we can schedule scans using audit policies obtained from Tenable Audit Files.
I am trying to find the source of these audit policies.
(That is, where they get these policies from, and whether they follow any global networking standards.)
Can anyone help me find this?
An example policy inside the audit file looks like this:
<custom_item>
  system      : "Linux"
  type        : FILE_CONTENT_CHECK
  description : "BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - *.alert root"
  info        : "All changes made to /etc/syslog.conf must be documented. When making modifications to the existing IT system, at first everything should be logged. After that, individual areas can be deactivated in stages as required. The /var partition must be sufficiently large to accommodate the log files.
* Please note that the equivalent file on a Red Hat system is /etc/rsyslog.conf
Safeguard Catalogues: S 4: Hardware and software
S 4.106: Activation of system logging"
  reference   : "800-171|3.3.1,800-171|3.3.2,800-53|AU-12,BSI-100-2|S4.106,CN-L3|7.1.3.3(a),CN-L3|7.1.3.3(b),CN-L3|7.1.3.3(c),CN-L3|8.1.3.5(a),CN-L3|8.1.3.5(b),CN-L3|8.1.4.3(a),CSF|DE.CM-1,CSF|DE.CM-3,CSF|DE.CM-7,CSF|PR.PT-1,ISO/IEC-27001|A.12.4.1,ITSG-33|AU-12,NESA|T3.6.2,NESA|T3.6.5,NESA|T3.6.6,NIAv2|SM8,QCSC-v1|13.2,QCSC-v1|3.2,QCSC-v1|6.2,QCSC-v1|8.2.1,SWIFT-CSCv1|6.4,TBA-FIISB|45.1.1"
  see_also    : "https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf"
  file        : "/etc/rsyslog.conf"
  regex       : "*.alert root"
  expect      : "*.alert root"
</custom_item>
Thanks for your help in advance.
https://en.wikipedia.org/wiki/IT_baseline_protection
Also, the see_also line provides a link to a PDF of that standard.
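To make the answer concrete, here is an added example (not from the question, the answer, or Tenable) that parses the posted custom_item, groups its reference field by framework so you can see which standards (BSI-100-2, NIST 800-53, CSF, ISO/IEC 27001 and so on) the policy is traced to, and evaluates the FILE_CONTENT_CHECK against constructed rsyslog.conf contents. The reference list is shortened, and the literal fallback for an invalid regex is my assumption about how to treat the bare `*.alert root` pattern, not documented Tenable behaviour.

```python
import re
from collections import defaultdict

# Audit item copied from the question (reference list shortened to keep it readable).
AUDIT_ITEM = '''<custom_item>
system : "Linux"
type : FILE_CONTENT_CHECK
description : "BSI-100-2: S 4.106: Activation of system logging: /etc/rsyslog.conf - *.alert root"
info : "All changes made to /etc/syslog.conf must be documented.
Safeguard Catalogues: S 4: Hardware and software"
reference : "800-171|3.3.1,800-171|3.3.2,800-53|AU-12,BSI-100-2|S4.106,CSF|DE.CM-1,ISO/IEC-27001|A.12.4.1"
see_also : "https://www.bsi.bund.de/cae/servlet/contentblob/471430/publicationFile/28223/standard_100-2_e_pdf.pdf"
file : "/etc/rsyslog.conf"
regex : "*.alert root"
expect : "*.alert root"
</custom_item>'''

# key : "quoted value (may span several lines)"   or   key : bare_token
FIELD_RE = re.compile(r'(\w+)\s*:\s*(?:"([^"]*)"|([^\s"]+))')

def parse_custom_item(text):
    """Return the fields of the first <custom_item> block as a dict."""
    body = text.split("<custom_item>", 1)[1].split("</custom_item>", 1)[0]
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(body)}

def references_by_framework(item):
    """Group the 'FRAMEWORK|control' tokens of the reference field by framework."""
    grouped = defaultdict(list)
    for token in item.get("reference", "").split(","):
        framework, _, control = token.partition("|")
        grouped[framework].append(control)
    return dict(grouped)

def file_content_check(item, content):
    """Evaluate a FILE_CONTENT_CHECK: PASSED if some line of the file content
    matches `regex` and that same line also matches `expect`, else FAILED.
    Assumption: a pattern that is not a valid regular expression (the item's bare
    '*.alert root') is matched as a literal substring; the real engine may differ."""
    def matcher(pattern):
        try:
            return re.compile(pattern).search
        except re.error:
            return lambda line: pattern in line
    line_selector, expected = matcher(item["regex"]), matcher(item["expect"])
    for line in content.splitlines():
        if line_selector(line) and expected(line):
            return "PASSED"
    return "FAILED"

# Constructed rsyslog.conf contents: one with the required line, one without.
COMPLIANT_CONF = "*.info;mail.none;authpriv.none   /var/log/messages\n*.alert root\n"
NONCOMPLIANT_CONF = "*.info;mail.none;authpriv.none   /var/log/messages\n"
```

Run `references_by_framework(parse_custom_item(AUDIT_ITEM))` over a whole .audit file to inventory which standards each item maps to.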