...

As a vendor-agnostic platform, Prism supports and ingests vulnerability scan results from multiple vendors. As such, there are subtle differences between how a scanning vendor presents vulnerability scan results in its own console/management interface versus how those same scan results are presented in the Prism Platform. This article focuses on those subtle differences between scan results from the Tenable Nessus Professional Console and the Prism Platform.

Setup

For this article, the following setup was in place:

...

Note

IMPORTANT NOTE: The Prism Platform rates imported vulnerabilities/issues based on their CVSS v2 score. When reviewing and comparing results in the Nessus Console to those same results in Prism, ensure that Nessus is configured to use a CVSS Base Score of version 2. Otherwise there will likely be discrepancies between the severity rating in the Nessus Console and the severity rating in the Prism Platform.
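To make the discrepancy described in the note concrete, here is an added example (not code from the original article, Tenable or Prism) that derives a severity label from a CVSS base score under the v2 and v3 bands and lists the findings whose label changes with the version. The band boundaries are an assumption taken from Tenable's published Nessus severity mapping (CVSS v2 reaches Critical only at 10.0, CVSS v3 from 9.0), and the sample findings and their scores are constructed for illustration.

```python
"""Severity label derived from a CVSS base score under the v2 and v3 bands.

Added example, not code from the original article, Tenable or Prism. The
band boundaries are assumed from Tenable's published Nessus severity
mapping; the sample findings and scores below are constructed."""

# (lower bound inclusive, label), checked from the top band downwards.
# Assumed thresholds, see the module docstring.
CVSS_BANDS = {
    2: ((10.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "Info")),
    3: ((9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "Info")),
}


def severity(score, version=2):
    """Map a base score to a severity label using the bands of one CVSS version."""
    if version not in CVSS_BANDS:
        raise ValueError(f"unsupported CVSS version {version!r}")
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score!r}")
    for lower, label in CVSS_BANDS[version]:
        if score >= lower:
            return label
    return "Info"  # not reached: the 0.0 band catches every valid score


# Constructed sample: (name, CVSS v2 base score, CVSS v3 base score).
SAMPLE_FINDINGS = [
    ("Constructed finding A", 10.0, 10.0),
    ("Constructed finding B", 7.5, 9.8),
    ("Constructed finding C", 5.0, 7.5),
    ("Constructed finding D", 4.3, 6.1),
]


def rating_discrepancies(findings):
    """Return (name, v2_label, v3_label) for every finding whose label changes
    with the CVSS version. These are the rows that would show one severity in a
    Nessus Console set to CVSS v3 and another in Prism, which rates on v2."""
    result = []
    for name, v2, v3 in findings:
        v2_label, v3_label = severity(v2, 2), severity(v3, 3)
        if v2_label != v3_label:
            result.append((name, v2_label, v3_label))
    return result


if __name__ == "__main__":
    for name, v2_label, v3_label in rating_discrepancies(SAMPLE_FINDINGS):
        print(f"{name}: CVSS v2 {v2_label} vs CVSS v3 {v3_label}")
```

With the constructed scores, findings B and C change band between versions while A and D do not, which is the kind of mismatch you will see in the severity totals if the two products are not rating on the same CVSS version.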

Reviewing Nessus Console

Introduction

Tenable Nessus reports scan results based on the vulnerability type (shown as the vulnerability’s “name”) alongside the “Count”, the number of times that a vulnerability has occurred.

This is an important distinction, since Prism presents the same scan data differently, as we’ll discover later in this article.

Nessus Console: Scan Summary

In the Nessus Console, we’ll take a look at the “Scan Summary” for our completed scan, paying attention to “Scan Details” and “Details” (highlighted in blue below).

...

It is important to note that the numbers reported for each Severity under ‘Scan Details’ are derived from the instances, occurrences or number of times a vulnerability was detected by Nessus. In the above Scan Summary, 16 critical vulnerabilities were found. This means that Nessus detected 16 separate instances/occurrences of vulnerabilities; in this case, with a rating of Critical.

Nessus Console: Vulnerabilities

...

Moving across to the “Vulnerabilities” tab, you can count the critical vulnerability types and observe that the overall number of vulnerability types with a rating of Critical is 5. So there are 5 separate vulnerability types shown in the screenshot above.

For each vulnerability type listed, the “Count” column on the right-hand side represents the instances, occurrences or number of times that each specific vulnerability type was detected by Nessus during the scan. For all critical vulnerabilities, if all the values in the “Count” column were summed up, the total would be 16. A familiar number? The same value of 16 was reported under the “Scan Summary” tab for Critical vulnerabilities.

Nessus Console: Vulnerability Detail

Let’s drill into the first vulnerability in this list: Apache Log4j Unsupported Version Detection. This particular vulnerability was detected 11 times during the scan. That is to say, there were 11 instances of this vulnerability discovered by Nessus during the scan.

...

Summing up the instances totals from above, we arrive at an overall total of 11 instances of the vulnerability. Another familiar number? You may recall that under the main “Vulnerabilities” tab, the count for this vulnerability was given as 11 also.
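The three console views walked through above (Scan Details, the Vulnerabilities tab and the vulnerability detail) are all roll-ups of the same list of per-instance detections. The following added example (not code from the original article, Tenable or Prism) builds a constructed finding list sized to reproduce the article's figures and aggregates it each way, so the "types versus instances" distinction is visible in the numbers rather than only in the screenshots. The Log4j plugin name is the one from the article; the other plugin names, hosts (RFC 5737 addresses) and file paths are constructed.

```python
"""Nessus-style aggregation of scan findings: one list of per-instance
detections rolled up as Scan Details, as the Vulnerabilities tab, and as the
per-host vulnerability detail.

Added example, not code from the original article, Tenable or Prism. Apart
from the Log4j plugin name, all names, hosts and paths are constructed."""

from collections import Counter, defaultdict


def _instances(name, severity, host_paths):
    """Expand (host, [paths]) pairs into one record per detected instance, the
    unit a scanner emits when a plugin fires once per offending file on a host."""
    return [
        {"name": name, "severity": severity, "host": host, "output": f"Path : {path}"}
        for host, paths in host_paths
        for path in paths
    ]


LOG4J = "Apache Log4j Unsupported Version Detection"

# Constructed sample data sized to the article's figures:
# 5 Critical vulnerability types, 16 Critical instances, 11 of them Log4j.
FINDINGS = (
    _instances(LOG4J, "Critical", [
        ("192.0.2.11", [f"/opt/app-a/lib/log4j-old-{i}.jar" for i in range(4)]),
        ("192.0.2.12", [f"/opt/app-b/lib/log4j-old-{i}.jar" for i in range(4)]),
        ("192.0.2.13", [f"/srv/app-c/lib/log4j-old-{i}.jar" for i in range(3)]),
    ])
    + _instances("Constructed Critical Type B", "Critical",
                 [("192.0.2.11", ["/x"]), ("192.0.2.12", ["/x"])])
    + _instances("Constructed Critical Type C", "Critical", [("192.0.2.11", ["/x"])])
    + _instances("Constructed Critical Type D", "Critical", [("192.0.2.12", ["/x"])])
    + _instances("Constructed Critical Type E", "Critical", [("192.0.2.13", ["/x"])])
    + _instances("Constructed High Type", "High",
                 [("192.0.2.11", ["/x"]), ("192.0.2.13", ["/x"])])
    + _instances("Constructed Medium Type", "Medium", [("192.0.2.12", ["/x"])])
)


def severity_totals(findings, unit="instance"):
    """Totals per severity. unit="instance" reproduces the 'Scan Details' numbers
    (every detection counts once); unit="type" counts distinct vulnerability
    names, the figure you get by counting rows on the 'Vulnerabilities' tab."""
    if unit == "instance":
        return Counter(f["severity"] for f in findings)
    if unit == "type":
        seen = {(f["severity"], f["name"]) for f in findings}
        return Counter(sev for sev, _ in seen)
    raise ValueError(f"unknown unit {unit!r}")


def vulnerabilities_tab(findings, severity=None):
    """'Vulnerabilities' tab: one row (name, severity, Count) per vulnerability
    type, highest Count first, optionally filtered to a single severity."""
    counts = Counter()
    severity_of = {}
    for f in findings:
        if severity is None or f["severity"] == severity:
            counts[f["name"]] += 1
            severity_of[f["name"]] = f["severity"]
    rows = ((name, severity_of[name], count) for name, count in counts.items())
    return sorted(rows, key=lambda row: (-row[2], row[0]))


def vulnerability_detail(findings, name):
    """Vulnerability detail view: the 'Output' lines grouped per host, one entry
    per instance, so the summed lengths equal the Count shown on the tab."""
    per_host = defaultdict(list)
    for f in findings:
        if f["name"] == name:
            per_host[f["host"]].append(f["output"])
    return dict(per_host)


if __name__ == "__main__":
    print("Scan Details (instances):", dict(severity_totals(FINDINGS)))
    print("Distinct types:          ", dict(severity_totals(FINDINGS, unit="type")))
    for name, sev, count in vulnerabilities_tab(FINDINGS, "Critical"):
        print(f"{count:3d}  {sev:8s}  {name}")
    for host, outputs in vulnerability_detail(FINDINGS, LOG4J).items():
        print(f"{host}: {len(outputs)} instance(s)")
```

Run stand-alone, the instance totals give Critical 16, the distinct-type totals give Critical 5, the Log4j row carries a Count of 11, and the per-host detail for Log4j sums back to 11; the two different "Critical" figures come from the same data counted in different units, which is what to keep in mind when comparing a console total against another product's view of the same import.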

Reviewing Prism Platform

Moving on now to the same scan results as presented in Prism, we have a single phase into which the scan results from Nessus were imported:

...

In addition, you will recall from the Nessus scan results that the “Output” section presented detail on where Nessus found those offending Log4j JAR files. In Prism, that same information is given under the “Technical Details” section along with the specific host(s) on which they were found.

Conclusion

To summarise the main points from this article:

...