Audit File giving me trouble

This topic contains 4 replies, has 2 voices, and was last updated by Profile photo of Kyle Cribbs Kyle Cribbs 8 months, 4 weeks ago.

  • Author
    Posts
  • #36366
    Profile photo of Kyle Cribbs
    Kyle Cribbs
    Participant

    Here is the code i use.. It works in the way i want it to work.. It finds a description that equals 8.1.1.1 and deletes everything that contains in it..
    $text = gc H:\nessusfile.audit
    $text = $text -split "`r`n","

    $delete = $false
    $op = @()
    foreach($line in $text)
    {
    if($line -like '**')
    {
    $itemLines = @($line)
    $delete = $false
    $inItem = $true
    continue
    }
    elseif($line -like '**')
    {
    $itemLines += $line

    if($delete -eq $false)
    {
    $op += $itemLines
    }

    $inItem = $false
    continue
    }

    if($inItem)
    {
    $itemLines += $line

    if($line -like '*description *: *8.1.1.1*')
    {
    $delete = $true
    }
    }
    else
    {
    $op += $line
    }
    }
    $op | out-file "H:\Test.audit"

    The issue is.. When i tried to upload the file to Tenable Security Center it says "Invalid Format".. Naming convention is the same..

    I think it has something to do with

    $text = $text -split "`r`n","

    When i do not use that line of code the script does not work.. Is there a way to fix this issue i am having?

  • #36394
    Profile photo of Jonathan Warnken
    Jonathan Warnken
    Participant

    check the file encoding, Tenable requires ANSI.
    you may need to specify the encoding for out-file

    $op | out-file "H:\Test.audit" -Encoding ANSI
    
  • #36406
    Profile photo of Kyle Cribbs
    Kyle Cribbs
    Participant

    I get an error that states "Cannot validate argument on parameter 'encoding'. The argument "ANSI" does not belong to the set "Unicode, utf7, utf8, utf32, ascii, bigendianunicode,default,oem"" specified by the validateSet attribute. Supply an argument that is in the set and then try the command again.

    Also how would I check the encoding?

  • #36407
    Profile photo of Jonathan Warnken
    Jonathan Warnken
    Participant

    my apologies for the quick answer it should be ascii
    To check the working file open it notepad then do a saveas. The current encoding will be next to the save button.

  • #36408
    Profile photo of Kyle Cribbs
    Kyle Cribbs
    Participant

    I though that would be the process; however, if I have it in notepad it tried to save it as a .txt file and not a .audit file.. so it was skeptical haha

You must be logged in to reply to this topic.