Nessus Scan Summary Report
Internal security assessments are required and include vulnerability scanning on the network as a part of many security compliance programs. Many compliance standards also require an organization to provide evidence of scanning activities. The Nessus Scan Summary report provides a summary of scan activities and the attributes used during the scan. The Nessus vulnerability scanner is a fast and diverse tool that helps organizations of all sizes to audit their assets for security vulnerabilities. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery, and vulnerability analysis of an organization’s security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs, and across physically separate networks. Nessus stays current through automatic updates that pull the latest vulnerability checks directly from Tenable.
The plugin ID # 19506 (Nessus Scan Information) provides information about a scan including the version of the scan, the amount of time it took to complete the scan, if a credentialed scan took place, and more. Knowing about the various Nessus scanner options or features can be a great benefit in producing more accurate and faster vulnerability scans. Good security practices require performing vulnerability scans, and require an organization to provide evidence of the scanning activities. The Nessus Scan Summary report displays Nessus Scan Time, Web Apps Test, Nessus Scanner Version, Nessus Port Scanner Types, Nessus Scan Options Status, Credential Checks, and a 3 vulnerability detail table for Nessus scans per 24-bit subnet mask Class C network for different duration of times.
SecurityCenter Continuous View (CV) provides a centralized solution that allows for the most comprehensive and integrated view of network health. Nessus is an integral part of SecurityCenter CV, which provides a central location for configurations, deployments, dashboards, and reports of Nessus scans.
The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:
- SecurityCenter 4.8.1
- Nessus 5.2.7
The following chapters are included in the report:
- Executive Summary: The Executive Summary chapter provides 2 matrices that display Nessus Scan Time, Nessus Scanner Version matrix, and one Last Scanned Observed in 14 Days table. This chapter will provide an executive level overview of scan activities and the attributes used during the scan.
- Nessus Scan Summary: The Nessus Scan Summary chapter contains four matrices that display web application tests, scan options status, port scan types, and credentials used during the scan.
- Nessus Scan Network: The Nessus Network Scan Summary chapter contains 3 tables that each display a summary of subnets scanned during a period of time. The tables identify the subnets scanned over different time periods. There are tables showing scans occurring between 15 to 30 days, between 31 to 90 days, and over 90 days.
- Nessus Scan Errors: The Nessus Scan Error chapter provides a detail table for errors discovered during a Nessus scan.