How to use Resources of Nessus (Policies and Plugin Rules)

Nessus provides Policies and Plugin Rules as resources to customize and optimize your scans. These features allow you to define specific scanning behaviors, tailor vulnerability checks, and manage plugins for improved performance and relevance in your environment. Here’s how to effectively use these resources.


1. Nessus Resources: Policies

Policies are saved, reusable scan configurations built from a Nessus template. They determine how a scan runs: which ports to probe, how aggressive the scan is, which credentials to use, and which plugins are enabled. Targets and schedules belong to the individual scan, not to the policy.

Creating and Using a Policy

  1. Log in to Nessus: Access the Nessus interface using your credentials.
  2. Navigate to Policies: In the left-hand navigation, open Resources and click Policies (older Nessus releases place Policies in the top menu instead).
  3. Create a New Policy:
    • Click the New Policy button.
    • Choose a template that matches the job (e.g., Basic Network Scan, Advanced Scan, Web Application Tests). Advanced Scan exposes every setting; the other templates hide or lock some of them.
  4. Configure the Policy:
    • General Settings (Basic > General): Provide a name and description that say what the policy is for and who owns it.
    • Targets are not part of a policy. A policy is reused across scans, so the IP addresses, subnets, or DNS names are entered on each scan that uses it (see step 6).
    • Port Range (Discovery > Port Scanning): Specify the ports to scan (the default set, all ports with 1-65535, or a custom list such as 22,80,443,8000-8100).
    • Scan Settings (Advanced > Performance):
      • Adjust network timeouts, the maximum number of simultaneous hosts and checks, and the slow-down options for fragile devices before pointing a scan at production.
    • Credentials:
      • Add SSH, Windows, or database credentials so Nessus can log in and run local, authenticated checks instead of relying on remote fingerprinting. Use a dedicated, least-privilege scanning account, not an administrator's personal login.
    • Plugins:
      • Enable or disable plugin families or individual plugins (where the template exposes the Plugins tab). This is the only place that stops a check from running at all; Plugin Rules (section 2) only change how a plugin's results are reported.
  5. Save the Policy: Once the policy is configured, click Save. The policy will be available for use in future scans.
  6. Apply the Policy to a Scan:
    • Click New Scan; the saved policy appears on the User Defined tab of the template list (there is no separate policy dropdown). Select it, then give the scan a name and its targets.
    • The scan inherits every setting from the policy; only the targets, schedule, and notifications are set per scan.

2. Nessus Resources: Plugin Rules

Plugin Rules control how Nessus reports the results of a plugin. Plugins are the individual vulnerability checks Nessus runs during a scan; a rule lets you recast the severity at which a plugin's finding is reported, or hide the finding entirely, for every host or for a single host, optionally until an expiration date. Rules do not decide whether a plugin runs; that is controlled in the policy's Plugins tab.

Creating and Using Plugin Rules

  1. Access Plugin Rules:
    • In the left-hand navigation, open Resources.
    • Click Plugin Rules to open the list of rules.
  2. Add a New Plugin Rule:
    • Click New Rule to create a new rule.
    • You’ll be prompted to define the rule criteria.
  3. Configure Rule Criteria:
    • Host (optional): the IP address of a single host the rule applies to. Leave it blank to apply the rule to every host.
    • Plugin ID: Enter the numeric ID of the plugin you want to control. Plugin IDs are shown in scan results, in a policy's Plugins tab, and on Tenable's plugin pages (https://www.tenable.com/plugins).
    • Expiration Date (optional): the date after which the rule no longer applies. Set one for any rule that hides or downgrades a real finding while a fix is pending, so the exception cannot outlive the reason for it.
    • Severity: Choose how the plugin's findings should be reported:
      • Hide this result: the finding is suppressed from scan results and reports.
      • Info, Low, Medium, High, Critical: the finding is recast to that severity regardless of the plugin's own rating.
  4. Record the Reason:
    • Record why the rule exists and who approved it (for example in the change ticket or the scanning runbook). A hidden or downgraded finding is invisible in reports, and auditors will ask why.
  5. Save the Rule:
    • Click Save to activate the rule.
  6. View and Edit Rules:
    • The Plugin Rules page allows you to review existing rules, edit them, or delete them as needed.
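Both procedures above (applying a saved policy to a scan in section 1, step 6, and creating a plugin rule in section 2) can also be driven from the Nessus REST API, which is how you avoid click-through when you run more than one scanner. The following Python is an added example, not code from the original page or from Tenable. It assumes a scanner reachable at https://localhost:8834, an API key pair generated under Settings > My Account > API Keys, a user-defined policy named "DMZ web tier" (a made-up name), placeholder targets in 192.0.2.0/24, and plugin 10287 (Traceroute Information) standing in for the finding you want to hide. The request field names (X-ApiKeys, text_targets, policy_id, the plugin-rule type values) follow the API reference that each scanner serves at https://<scanner>:8834/api#/; check them against your version.

```python
"""Apply a saved Nessus policy and add a plugin rule through the REST API.

Added example, not code from the original page or from Tenable. Assumes a
scanner at NESSUS_URL (default https://localhost:8834), an API key pair from
Settings > My Account > API Keys in NESSUS_ACCESS_KEY / NESSUS_SECRET_KEY,
and TLS verification disabled only when NESSUS_INSECURE=1 (self-signed cert).
The policy name and targets below are made up. Payload builders are pure
functions so the request bodies can be checked without a scanner.
"""
import ipaddress
import json
import os
import ssl
import time
import urllib.request

# "type" values accepted by POST /plugin-rules, keyed by the UI's wording.
PLUGIN_RULE_TYPES = {
    "hide": "exclude",  # "Hide this result"
    "info": "recast_info",
    "low": "recast_low",
    "medium": "recast_medium",
    "high": "recast_high",
    "critical": "recast_critical",
}


def build_plugin_rule(plugin_id, severity, host=None, expires_in_days=None, now=None):
    """Body for POST /plugin-rules; raises ValueError on bad input.

    A rule changes only how findings are reported; the plugin still runs.
    `host` is one IP address (the UI field takes a single host) or None for
    every host; `now` is a unix-time override to make the expiry deterministic.
    """
    if severity not in PLUGIN_RULE_TYPES:
        raise ValueError(f"severity must be one of {sorted(PLUGIN_RULE_TYPES)}")
    body = {"plugin_id": int(plugin_id), "type": PLUGIN_RULE_TYPES[severity]}
    if host is not None:
        ipaddress.ip_address(host)  # raises ValueError for hostnames and CIDR ranges
        body["host"] = host
    if expires_in_days is not None:
        if expires_in_days <= 0:
            raise ValueError("expiry must lie in the future")
        base = int(time.time()) if now is None else int(now)
        body["date"] = base + int(expires_in_days) * 86400
    return body


def build_scan_from_policy(policy, name, targets):
    """Body for POST /scans that runs a user-defined policy.

    `policy` is one entry from GET /policies: its template_uuid goes at top
    level and its id in settings.policy_id. Targets are a scan setting, which
    is why the policy editor has no Targets field.
    """
    if not targets:
        raise ValueError("a scan needs at least one target")
    return {"uuid": policy["template_uuid"],
            "settings": {"name": name, "policy_id": policy["id"],
                         "text_targets": ",".join(targets)}}


class Nessus:
    """Minimal API-key client covering only the calls used here."""
    def __init__(self, base_url, access_key, secret_key, insecure=False):
        self.base_url = base_url.rstrip("/")
        self.headers = {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
                        "Content-Type": "application/json"}
        self.ctx = ssl.create_default_context()
        if insecure:  # never the default: an interposed proxy would see the API keys
            self.ctx.check_hostname = False
            self.ctx.verify_mode = ssl.CERT_NONE

    def request(self, method, path, body=None):
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(self.base_url + path, data=data,
                                     headers=self.headers, method=method)
        with urllib.request.urlopen(req, context=self.ctx, timeout=60) as resp:
            return json.load(resp)

    def find_policy(self, name):
        for p in self.request("GET", "/policies").get("policies") or []:
            if p["name"] == name:
                return p
        raise LookupError(f"no policy named {name!r}")


if __name__ == "__main__":
    client = Nessus(os.environ.get("NESSUS_URL", "https://localhost:8834"),
                    os.environ["NESSUS_ACCESS_KEY"], os.environ["NESSUS_SECRET_KEY"],
                    insecure=os.environ.get("NESSUS_INSECURE") == "1")
    # Section 1, step 6: a scan that applies the saved policy to its own targets.
    policy = client.find_policy("DMZ web tier")
    scan = client.request("POST", "/scans", build_scan_from_policy(
        policy, "DMZ weekly", ["192.0.2.10", "192.0.2.0/24"]))
    print("created scan id", scan["scan"]["id"])
    # Section 2: hide a confirmed false positive on one host, expiring in 30 days.
    rule = build_plugin_rule(10287, "hide", host="192.0.2.10", expires_in_days=30)
    print("plugin rule", client.request("POST", "/plugin-rules", rule))
```

Run it with NESSUS_ACCESS_KEY and NESSUS_SECRET_KEY exported. The host is validated as a single IP address because a rule applies per host; to cover a subnet you either create one rule per affected host or leave the host blank and accept a scanner-wide exception. Every rule that hides a finding is given an expiry, so the exception comes back for review instead of being forgotten.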

Best Practices for Policies and Plugin Rules

  • Use Custom Policies for Specific Needs: Create policies tailored to different environments (e.g., internal servers, external-facing systems, or web applications) for more targeted scans.
  • Optimize Performance: Exclude unnecessary plugins or limit the scope of policies to reduce scan time and avoid overloading the network.
  • Manage False Positives: Use Plugin Rules to hide or downgrade findings from plugins that are known false positives in your environment, scoped to the affected host and given an expiration date. Review the rule list periodically so stale exceptions do not mask real exposure.
  • Stay Updated: Keep the plugin feed and the Nessus software current so scans run the latest vulnerability checks; a stale plugin set silently misses recent CVEs no matter how well the policy is tuned.
  • Document Changes: Always provide clear descriptions for custom policies and plugin rules to maintain clarity for team members or auditors.

Practical Use Cases

  1. Policy Customization for Compliance:
    • Use the compliance templates (e.g., the PCI scan templates or Policy Compliance Auditing with an audit file) or build a policy with the relevant plugin families enabled to check systems against requirements such as PCI DSS or HIPAA.
  2. Plugin Optimization:
    • In the policy's Plugins tab, disable plugin families for technologies a target set does not run (e.g., turn off the Oracle database checks for hosts without Oracle) to shorten scans. Do this in the policy, not with Plugin Rules, which only affect how results are reported.
  3. Focus on High-Risk Systems:
    • Create a policy to focus on critical systems with detailed scanning, while using lighter scans for non-critical systems.

Policies and Plugin Rules are powerful tools in Nessus that enhance scan precision, reduce unnecessary resource usage, and tailor the tool to meet your specific requirements. By effectively using these resources, you can streamline vulnerability assessments, minimize disruptions, and focus on the most relevant security concerns.
