by Cody Dumont
February 24, 2015
As a part of many security compliance programs, internal security assessments are required which include vulnerability scanning on the network. Many compliance standards also require an organization to provide evidence of scanning activities. This report provides a summary of scan activity and the attributes used during the scan. The Nessus vulnerability scanner is a fast and diverse tool that helps organizations of all sizes audit their assets for security vulnerabilities.
The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the Tenable.sc Feed under the category Discovery & Detection. The report requirements are:
- Tenable.sc 4.8.2
- Nessus 8.4.0
Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Nessus stays current through automatic updates that pull the latest vulnerability checks directly from Tenable.
This report provides a summary view of active scanning within the network. The report includes a chapter that provides a high level view of how active scans are conducted and the parameters that are configured. The next chapter provides a summary of the vulnerabilities and the compliance status. The last two chapters provide the scan configuration details grouped according to the dates the plugins were updated from the feed. This allows the analyst to determine if scanners are scanning the network with up to date information. For the systems with out of date plugins, detailed information is provided to aid the troubleshooting process.
Organizations that use Tenable.sc or Tenable.sc Continuous View (CV) have added features over Nessus users. With Tenable.sc, organizations have an unlimited number of Nessus Vulnerability Scanners, thus allowing for full coverage of the network. Tenable.sc CV also allows the organization to monitor using active, passive, and event based vulnerability detections, thus simplifying security operations and streamlining compliance.
Chapters
Executive Summary - This chapter contains a summary of the scans completed and the scan parameters. The plugin ID 19506 provides information about a scan including the version of the scan, the amount of time it took to complete the scan, if a credentialed scan took place, and more. Knowing about the various Nessus scanner options or features can be a great benefit in producing more accurate and faster vulnerability scans. This chapter provides data on Nessus Scan Time, Web Apps Test, Nessus Scanner Version, Nessus Port Scanner Types, Nessus Scan Options Status, and Credential Checks. Additionally, a table shows systems encountering an error during a scan. Refer to the Nessus product documentation for more information about Nessus scans.
Vulnerability Summary - This chapter contains a series of tables showing the vulnerability, compliance, and remediation count over the past 12 months. Each table shows a specific data set, with a count for the previous 25 days, 90 days, 180 days and 365 days. The data in this chapter allows security managers to gain an understanding of the vulnerabilities over the course of 12 months.
Plugin Feed by Day of Month - This chapter contains the scan results details from devices scanned with Nessus scanners that were updated from the feed on specific days of the month. The date ranges from the 1st to the 31st. The chapter begins with a summary matrix, providing indicators for the specific dates the plugins were updated from the feed. The following sections (1st – 31st) contain a scan summary chapter with IP, FQDN, and MAC address of the devices that were scanned, followed by the scan details of the completed scans.
Plugin Feed by Month - This chapter contains the scan result details from devices scanned with Nessus scanners that were updated during a specific month. The chapter begins with a summary matrix, providing indicators for the specific dates the plugins were updated from the feed. The following sections (January to December) contain a scan summary chapter with IPs, FQDNs, and MAC addresses of the devices that were scanned, followed by the scan details of the completed scans.