Vulnerability Reporting

FortiGate Scan Report

by Josef Weiss
April 22, 2014

This report leverages the Tenable FortiGate Best Practices Audit and other plugins to provide security settings and other useful information on FortiGate device configuration to an administrator.


  • root/admin SSH credentials for FortiGate FortiOS device.
  • Plugin ID #70272 (Fortigate FortiOS compliance checks)
  • Audit File for Fortigate (TNS_Fortigate_Best_Practices.audit)
  • FortiOS Dynamic Asset

Security settings included in this audit:

HeartBleed Report

by Cody Dumont
April 10, 2014

HeartBleed Report Screenshot
This report template identifies the details on systems vulnerable to the newly identified HeartBleed vulnerability. Using all the tools available to SecurityCenter users, Tenable has several methods of identifying vulnerable systems.

Account Weakness Report

by David Schwalenberg
April 2, 2014

Account Weakness Report Screenshot
This report presents vulnerabilities related to accounts and credentials. These vulnerabilities include default accounts, blank passwords, bypassing of authentication, insecure and non-compliant account settings, and more.

PCI Configuration Report

by Josef Weiss
April 1, 2014

This report template leverages Nessus PCI system configuration results to track which PCI DSS requirements are compliant or non-compliant.

If you need to track which PCI requirements your group is compliant with and you are performing credentialed Nessus configuration audits of your systems, then this SecurityCenter report template can be used to track which requirements are currently being met or not.

PVS Detections Executive Report

by David Schwalenberg
March 26, 2014

PVS Detections Executive Report Screenshot
This executive report presents indications of the network traffic passively detected by the Passive Vulnerability Scanner (PVS). This enables network awareness and may highlight network vulnerabilities.

Council on CyberSecurity - Critical Security Controls Report

by Cody Dumont
March 18, 2014

Council on CyberSecurity Critical Security Controls Report
This report covers many controls found in the Council on CyberSecurity 20 Critical Security Controls. As published by Council on CyberSecurity, the goal of the 20 Critical Security Controls is to protect assets, infrastructure, and information by strengthening your organization’s defensive posture through continuous automated protection and monitoring.

Insider Threat Report v2

by Josef Weiss
March 6, 2014

This report was completely re-worked and streamlined, and now includes New_User_Source events in two different formats. A new section resides under Chapter 2, titled 'New User Source Summary', and contains a New User Source User Summary and a New User Source Event List, as shown below.

CVE Monthly Status Report

by Josef Weiss
February 25, 2014

This high level report displays CVE vulnerability details for the years 2010 - 2014.

The first chapter provides a graphical overview of CVE vulnerabilities in 3 pie charts that represent both vulnerabilities and recently mitigated vulnerabilities. Presented is a graphical overview of the current CVE vulnerability status of the environment. These three charts present CVE vulnerability information by severity, count and percentage.