During the security checks we perform in a cyber security FAT/SAT (factory and site acceptance test) approach, we often need to run authenticated scans against standalone systems that are not joined to any Active Directory domain.

Running an authenticated scan against such a system without first making sure the necessary settings are in place results in a scan that reports clean findings while also reporting that it could not authenticate to the target, because the scanner account did not have sufficient permissions to do so. In practice the scan then degrades to an unauthenticated scan, and the "good" results are misleading: missing patches and configuration issues that can only be seen from inside the host are simply not checked.

A few things have to be in place before credentialed checks against a standalone Windows host can truly succeed (https://docs.tenable.com/nessus/Content/NessusCredentialedChecks.htm): the scanning account must be a local administrator, the Remote Registry service must be running, File and Printer Sharing must be allowed through the host firewall, the ADMIN$ administrative share must be reachable, and, because the account is a local rather than a domain account, the LocalAccountTokenFilterPolicy registry value must be set to 1 so that UAC remote restrictions do not strip the account's administrative token.
These can of course be done manually, but I created a small tool that

  • Verifies these settings
  • Modifies them if needed
  • Logs all changes made, for reporting purposes
  • Reverts the changes to the previous state

You can find the Nessus Authentication Scanning tool at https://github.com/dietersar/CheckNessusAuthScan
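As an added example, and not the CheckNessusAuthScan tool's own code, the following PowerShell script performs the same four steps (verify, modify, log, revert) for the prerequisites the Tenable page lists for a workgroup host. The state and log file locations under ProgramData, and the decision to only report rather than recreate a missing ADMIN$ share, are assumptions made for this example. It must be run from an elevated PowerShell prompt.

```powershell
# Added example, not the CheckNessusAuthScan tool's own code. Checks the prerequisites
# for credentialed Windows checks on a workgroup (non-domain) host, fixes them with -Fix,
# logs every change, and restores the saved state with -Revert.
# StatePath/LogPath are assumptions chosen for this example. Run elevated.
[CmdletBinding()]
param(
    [switch]$Fix,
    [switch]$Revert,
    [string]$StatePath = "$env:ProgramData\NessusPrep\state.json",
    [string]$LogPath   = "$env:ProgramData\NessusPrep\changes.log"
)

$PolicyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$FpsGroup  = 'File and Printer Sharing'

function Write-Log([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    "$(Get-Date -Format o) $Message" | Tee-Object -FilePath $LogPath -Append
}

# Snapshot of everything the -Fix step may touch, so -Revert can put it back.
function Get-PrepState {
    $svc = Get-Service -Name RemoteRegistry
    $pol = Get-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    [ordered]@{
        RemoteRegistryStartType = $svc.StartType.ToString()
        RemoteRegistryStatus    = $svc.Status.ToString()
        # $null when the value does not exist, the usual state on a fresh install
        TokenFilterPolicy       = $pol.LocalAccountTokenFilterPolicy
        DisabledFpsRules        = @(Get-NetFirewallRule -DisplayGroup $FpsGroup |
                                    Where-Object Enabled -eq 'False' | ForEach-Object Name)
        AdminShareExists        = [bool](Get-SmbShare -Name 'ADMIN$' -ErrorAction SilentlyContinue)
    }
}

# Logs PASS/FAIL per prerequisite; returns $true only when all of them pass.
function Test-PrepState($s) {
    $checks = [ordered]@{
        'Remote Registry service running'         = ($s.RemoteRegistryStatus -eq 'Running')
        'LocalAccountTokenFilterPolicy = 1'       = ($s.TokenFilterPolicy -eq 1)
        'File and Printer Sharing firewall rules' = ($s.DisabledFpsRules.Count -eq 0)
        'ADMIN$ share present'                    = $s.AdminShareExists
    }
    $ok = $true
    foreach ($c in $checks.GetEnumerator()) {
        $tag = if ($c.Value) { 'PASS' } else { 'FAIL' }
        Write-Log "[$tag] $($c.Key)"
        if (-not $c.Value) { $ok = $false }
    }
    return $ok
}

if ($Revert) {
    $s = Get-Content -Path $StatePath -Raw | ConvertFrom-Json
    Set-Service -Name RemoteRegistry -StartupType $s.RemoteRegistryStartType
    if ($s.RemoteRegistryStatus -ne 'Running') { Stop-Service -Name RemoteRegistry -Force }
    if ($null -eq $s.TokenFilterPolicy) {
        Remove-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -ErrorAction SilentlyContinue
    } else {
        Set-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -Value $s.TokenFilterPolicy
    }
    if ($s.DisabledFpsRules.Count -gt 0) { Disable-NetFirewallRule -Name $s.DisabledFpsRules }
    Write-Log "Reverted to the state saved in $StatePath"
    exit 0
}

$before = Get-PrepState
if (Test-PrepState $before) { Write-Log 'All prerequisites already met'; exit 0 }
if (-not $Fix) { Write-Log 'Re-run with -Fix to apply the changes'; exit 1 }

# Save the pre-change state before touching anything, so a revert is always possible.
New-Item -ItemType Directory -Path (Split-Path $StatePath) -Force | Out-Null
$before | ConvertTo-Json | Set-Content -Path $StatePath
Write-Log "Saved previous state to $StatePath"

if ($before.RemoteRegistryStatus -ne 'Running') {
    Set-Service -Name RemoteRegistry -StartupType Manual
    Start-Service -Name RemoteRegistry
    Write-Log "Started RemoteRegistry (was $($before.RemoteRegistryStartType)/$($before.RemoteRegistryStatus))"
}
if ($before.TokenFilterPolicy -ne 1) {
    # Lifts UAC remote restrictions so a local admin account keeps its full token over the network.
    Set-ItemProperty -Path $PolicyKey -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWord
    Write-Log "Set LocalAccountTokenFilterPolicy=1 (was $($before.TokenFilterPolicy))"
}
if ($before.DisabledFpsRules.Count -gt 0) {
    Enable-NetFirewallRule -Name $before.DisabledFpsRules
    Write-Log "Enabled firewall rules: $($before.DisabledFpsRules -join ', ')"
}
if (-not $before.AdminShareExists) {
    Write-Log 'ADMIN$ share missing: check the Server service and the AutoShareWks/AutoShareServer policy; not changed automatically'
}
Test-PrepState (Get-PrepState) | Out-Null
```

Typical use is `.\Prep-NessusScan.ps1` to audit only, `.\Prep-NessusScan.ps1 -Fix` before the scan and `.\Prep-NessusScan.ps1 -Revert` once it has finished; the log file is what goes into the test report as evidence of what was changed on the system under test. Note that the script only reverts firewall rules it enabled itself and only removes the LocalAccountTokenFilterPolicy value if it did not exist beforehand, so it leaves pre-existing configuration alone.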