Automated Compliance Reporting Using Shell and Tenable APIs

10 Jul

Authors: Malika Olimova, Shodmon Ismoilov, Niloofar Rustamova, Behruz Akramov

Abstract: Modern enterprise IT infrastructures operate under intense regulatory scrutiny, particularly in sectors such as healthcare, finance, and government. Compliance mandates such as HIPAA, PCI-DSS, ISO 27001, and NIST 800-53 require organizations to implement controls that ensure system integrity, user accountability, and the timely remediation of security vulnerabilities. Traditional audit processes are often manual, error-prone, and slow. As infrastructures become more dynamic and hybrid in nature, the need for automated, real-time compliance visibility has become critical. This review explores the integration of shell scripting with Tenable's vulnerability assessment platforms, specifically Nessus and Tenable.io, to build lightweight, platform-agnostic pipelines for automated compliance reporting. Shell scripting offers a simple yet powerful way to orchestrate scan execution, retrieve compliance data, and process reports using native UNIX tools like curl, jq, and awk. Through RESTful API integration with Tenable solutions, administrators can schedule scans, export reports, parse results, and even trigger alerts or remediation workflows without manual intervention. The paper highlights key architectural concepts including secure API token management, cron-based automation, filtering compliance results by severity or plugin ID, and forwarding logs to centralized SIEM systems. It also addresses security considerations, such as protecting credentials within scripts and ensuring session token rotation. A case study on PCI-DSS compliance demonstrates real-world benefits of this approach in a Linux environment using Tenable.io.

DOI: http://doi.org/10.5281/zenodo.15853367
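
The filtering step the abstract mentions (compliance results by severity or plugin ID, reshaped into lines a SIEM can ingest), as an added example that is not code from the paper. The column names, plugin IDs, hosts and the key=value output format are constructed assumptions, not a documented Tenable export layout.

```shell
#!/bin/sh
# Added example: filter a scan export by severity or plugin ID with awk.
# Column names and every row below are constructed sample data.
sample_export() {
cat <<'EOF'
Plugin ID,Risk,Host,Name
900001,Critical,192.0.2.10,"Constructed finding A, with a comma"
900002,Medium,192.0.2.10,Constructed finding B
900003,High,192.0.2.11,Constructed finding C
900001,Critical,192.0.2.12,"Constructed finding A, with a comma"
900004,Low,192.0.2.12,Constructed finding D
EOF
}

# filter_findings MIN_RISK [PLUGIN_ID]
# Reads CSV on stdin and prints one key=value line per finding at or above
# MIN_RISK; when PLUGIN_ID is given, only that plugin is reported.
filter_findings() {
  awk -v min="$1" -v want="${2:-}" '
    # Split one CSV record into f[1..n], keeping commas inside quoted fields.
    function split_csv(line, f,    n, c, i, inq, cur) {
      n = 0; cur = ""; inq = 0
      for (i = 1; i <= length(line); i++) {
        c = substr(line, i, 1)
        if (c == "\"") { inq = !inq }
        else if (c == "," && !inq) { f[++n] = cur; cur = "" }
        else { cur = cur c }
      }
      f[++n] = cur
      return n
    }
    BEGIN {
      rank["Low"] = 1; rank["Medium"] = 2; rank["High"] = 3; rank["Critical"] = 4
      if (!(min in rank)) { print "unknown severity: " min > "/dev/stderr"; exit 2 }
    }
    NR == 1 {                 # locate columns by header name, not by position
      n = split_csv($0, h)
      for (i = 1; i <= n; i++) col[h[i]] = i
      next
    }
    {
      split_csv($0, f)
      risk = f[col["Risk"]]; pid = f[col["Plugin ID"]]
      if (!(risk in rank) || rank[risk] < rank[min]) next
      if (want != "" && pid != want) next
      printf "plugin_id=%s severity=%s host=%s name=\"%s\"\n", pid, risk, f[col["Host"]], f[col["Name"]]
    }'
}
```

Looking columns up by header name keeps the filter working if the export's column order changes, and the quoted-field handling stops a comma inside a finding name from shifting the severity column.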