Transcript NessusScanReport - Tenable Discussions Forum

SecurityCenter Reporting
Nessus Scan Report
SecurityCenter Reports
For customers who use Nessus for vulnerability
scanning and then move to SecurityCenter, vulnerability
reporting may be somewhat challenging. Using a
vulnerability report from Nessus, as a template, a
vulnerability report for SecurityCenter has been created
that mimics the look and feel of the Nessus report.
The following is a report comparison.
Report Comparison - Splash Page
The Nessus report begins with a simple splash page that contains the report name,
along with the date and time. The SecurityCenter report contains the same
information while also including a Confidentiality Statement, Repository identifier
and UserID that launched the scan.
The Nessus Scan Report is shown on the left, with the SecurityCenter version on
the right.
Report Comparison - Table of Contents
Both reports then contain a Table of Contents. The SecurityCenter report
additionally contains an ‘About This Report’ chapter that briefly describes this
report. On both reports, the table of contents is clickable, which allows you to
navigate to specific hosts.
Vulnerability Reporting Comparison
When reviewing specific host details, the layout of the Vulnerabilities by Host section
closely resembles the data that a Nessus report presents to the reviewer. There are
some slight differences in formatting. For example:
• The Nessus report begins with host information containing scan start and stop
times, while the SecurityCenter report contains only the data and time of the last
scan.
• Both contain the host IP address, DNS name, and NetBIOS name (if they are
available to the scanner).
• In addition to the items on the Nessus report, the SecurityCenter report also
contains the Repository.
• The total number of vulnerabilities found is located within the host information
section and not within the Results Summary.
• The Results Summary is displayed vertically by the Nessus report and horizontally
in the SecurityCenter report.
Vulnerabilities By Host Comparison
The default Nessus report and Nessus Scan Report for SecurityCenter, host
and scan information details, side by side comparison.
Vulnerability Details
For both reports, this information is followed with detailed scan
information in the form of Vulnerability Details. The data is presented in
slightly different manner between the two reports.
• One significant difference that Nessus users will notice is that Nessus will
color code the header with colors that represent the severity of the
vulnerability.
• SecurityCenter contains a severity label in the header.
Vulnerability Details
The following is an example of the detail presented by Nessus
and SecurityCenter for Nessus plugin 11936 (OS Identification).
Vulnerability Details
Overall, the data in both reports are presented in a similar fashion, with
perhaps slightly more details being offered in the SecurityCenter version.
With SecurityCenter, the end user has the ability to customize the output by
editing the table for the Results Details and checking the items contained in
the ‘Display Columns’ that are relevant for their organization, as shown below.
Summary
The SecurityCenter “Nessus Scan Report” should
provide an easy transition for existing Nessus
clients moving to SecurityCenter.
The report and its components are available in
the SecurityCenter 4.7 Report app feed, an app
store of dashboards, reports, and assets.
For Questions Contact
Tenable Customer Support Portal