by Josef Weiss
May 20, 2014
Vulnerability scanning and reporting are essential steps in evaluating and improving the security of a network. By knowing which vulnerabilities affect hosts on the network, security teams can coordinate their mitigation efforts more effectively. Nessus provides vulnerability scan information and SecurityCenter Continuous View (SecurityCenter CV) has the ability to monitor and report on scan data from Nessus.
The Nessus Scan Report [Top 5] presents extensive data about vulnerabilities detected on the top five most vulnerable hosts on the network. The report can be especially useful to security teams that are new to SecurityCenter CV but are familiar with the format and content of reports generated by Nessus. Security teams can use this report to easily identify vulnerabilities and the affected hosts on their network.
Only information about the vulnerabilities detected on the top five most vulnerable hosts are included. Limiting the scope will allow the report to be focused on areas of particular concern and make the report more manageable to review. The top five most vulnerable hosts are determined by vulnerability score. The vulnerability score for a host is computed by adding up the number of vulnerabilities at each severity level and multiplying by the severity score. The default severity scores at each level are:
- Info – 0
- Low – 1
- Medium – 3
- High – 10
- Critical – 40
Severity scores for Low, Medium, High and Critical can be configured for each organization by an administrator.
The chapters in this report provide both a high-level overview and an in-depth analysis of the vulnerability status of the network. Charts are used to illustrate the ratio of vulnerability severities as well as list the most vulnerable hosts by vulnerability score. An iterator is used to provide detailed information on each host scanned. For each host, the IP address, DNS name, NetBIOS name, MAC address, repository, vulnerability total and last scanned time are listed. A severity summary of each host shows how many vulnerabilities of each severity level impacts that host. Vulnerability information on the top 5 hosts listed, including plugin ID, plugin name, plugin family, severity, protocol, port, exploitability, host CPE, plugin text, first discovered and last seen times. Security teams can use this data in order to identify vulnerabilities in their network and tailor their mitigation efforts accordingly.
This report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards and assets. This report can be easily located in the SecurityCenter Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:
- SecurityCenter 4.8.2
- Nessus 6.11.2
SecurityCenter CV provides continuous network monitoring, vulnerability identification, risk reduction and compliance monitoring. Nessus is continuously updated with information about advanced threats, zero-day vulnerabilities and new types of regulatory compliance configuration audits. By integrating with Nessus, SecurityCenter CV provides the most comprehensive view of network security data.
The following chapters are included in this report:
Executive Summary: This chapter provides an overview of the results of Nessus scans.
Vulnerabilities by Host: This chapter uses an iterator to list scanned IP addresses and present detailed information about vulnerabilities detected on each.