Results
If you're using Nessus for a vulnerability assessment, you're going to want to see the results of the scan! In this lab, explore the results generated by a Nessus scan, and identify key details of historical scans.
When a host is scanned with Nessus, results are generated immediately and displayed in a Vulnerabilities table. As a scan is running, this table will be populated as soon as Nessus identifies something. Once the scan has been completed, the table will be full of potential vulnerabilities, ready for analysis.
In some situations, the person who analyzes the findings differs from the person who performed the assessment. Nessus facilitates the sharing of scan results by providing an easy method to export any scan results. These exports are saved as .nessus files and can be imported into any Nessus instance. This is also handy for archiving old scan results without deleting them entirely from Nessus.
To export a scan from Nessus, click the Export button on the Scan Details page and select Nessus.
Choose an appropriate name for your results in the dialog box and save the file. These .nessus files are just XML-formatted files and can be opened in any text editor to view the contents. However, the best way to read any exported results is to import them into Nessus and use the web interface to read the file.
To import a .nessus scan result, click the Import button on the My Scans page.
Vulnerabilities
The Vulnerabilities tab displays a list of all vulnerabilities identified by Nessus throughout the scan, stored in a single table. Each entry in this table is a Nessus "finding", with the name of the potential vulnerability, severity rank, and CVSS score.
Any entries marked with a folder icon are groups of similar vulnerabilities. For example, Nessus might group several similar Webmin vulnerabilities under Webmin (Multiple Issues) in the table. The number of vulnerabilities in this folder is recorded under the Count column. Click on any of the folders to see a list of the findings in that folder.
Nessus displays a severity for each vulnerability in the table and, for higher-ranked vulnerabilities, a severity score. Both are determined by the vulnerability's CVSS score. For example, the vulnerability TLS Version 1.1 Protocol Deprecated has a CVSS score of 6.5 and has therefore been ranked as MEDIUM.
Vulnerabilities ranked highly (such as CRITICAL or HIGH) should be prioritized when considering any remediation actions, but even MEDIUM or LOW-level vulnerabilities will need to be addressed. The decision to remediate or risk-accept these findings depends on the needs of each organization. Still, if enough lower-risk vulnerabilities are risk-accepted, the aggregation of these vulnerabilities may eventually lead to conditions where system compromise is possible. Typically, any INFO-level vulnerabilities are just "informational" findings, where Nessus simply provides information about something – not necessarily a vulnerability – and doesn't have a "risk score" associated with that finding.
In this table, Nessus will also detail the category in which the finding falls (known as the Family). Some of the more wide-ranging categories cover several different results (e.g., General), whereas other categories will focus on specific types of vulnerability (e.g., CGI Abuses). Click on any of the findings in the table to discover details about the specific vulnerability Nessus has identified.
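Because an exported .nessus file is XML, the same name, severity, CVSS score and Family columns can be rebuilt outside the web interface for triage or archiving. The following is an added example, not part of the original lab or of Nessus itself; the embedded export is constructed (host, plugin IDs, Webmin finding names, families and scores are made up) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# severity attribute on a .nessus (v2) ReportItem -> label shown in the table
SEVERITY = {0: "INFO", 1: "LOW", 2: "MEDIUM", 3: "HIGH", 4: "CRITICAL"}

# Constructed sample export, trimmed to the elements this example reads.
SAMPLE = """<NessusClientData_v2><Report name="lab-scan">
<ReportHost name="10.0.0.5">
 <ReportItem port="443" protocol="tcp" severity="2" pluginID="900001"
   pluginName="TLS Version 1.1 Protocol Deprecated" pluginFamily="General">
  <cvss3_base_score>6.5</cvss3_base_score></ReportItem>
 <ReportItem port="10000" protocol="tcp" severity="4" pluginID="900002"
   pluginName="Webmin Example Issue A" pluginFamily="CGI abuses">
  <cvss_base_score>10.0</cvss_base_score><cvss3_base_score>9.8</cvss3_base_score></ReportItem>
 <ReportItem port="10000" protocol="tcp" severity="3" pluginID="900003"
   pluginName="Webmin Example Issue B" pluginFamily="CGI abuses">
  <cvss_base_score>7.5</cvss_base_score></ReportItem>
 <ReportItem port="0" protocol="tcp" severity="0" pluginID="900004"
   pluginName="Scan Information Example" pluginFamily="Settings"/>
</ReportHost></Report></NessusClientData_v2>"""

def load_findings(xml_text):
    """Return one dict per ReportItem, across every host in the export."""
    findings = []
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            # Prefer the CVSS v3 score, fall back to v2; INFO items carry neither.
            score = item.findtext("cvss3_base_score") or item.findtext("cvss_base_score")
            findings.append({
                "host": f'{host.get("name")}:{item.get("port", "0")}',
                "name": item.get("pluginName"),
                "family": item.get("pluginFamily"),
                "severity": SEVERITY[int(item.get("severity", "0"))],
                "cvss": float(score) if score else None,
            })
    return findings

def triage(findings):
    """Order findings for remediation: highest severity first, then CVSS."""
    rank = {label: n for n, label in SEVERITY.items()}
    return sorted(findings, key=lambda f: (rank[f["severity"]], f["cvss"] or 0.0), reverse=True)

def severity_counts(findings):
    return Counter(f["severity"] for f in findings)

if __name__ == "__main__":
    for f in triage(load_findings(SAMPLE)):
        print(f'{f["severity"]:<8} {f["cvss"] or "-":>4}  {f["family"]:<12} {f["name"]}')
```

For a real export, pass the file's contents to `load_findings`; when the file comes from outside your own team, parse it with a hardened XML parser such as `defusedxml` instead of the standard library.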
Vulnerability details
On this page, Nessus will provide you with a description of the vulnerability to help you identify its specific location. For most findings, Nessus will attempt to give you a possible solution to remediate the vulnerability or share external resources to help you learn more about the vulnerability.
Important scans
Results for each important scan