...

  • The vulnerability scans were performed using Tenable Nessus Professional version 10.3.0. A single scan was performed.

  • In the Nessus Console, the CVSS Base Score for this vulnerability scan was changed to CVSS version 2. The platform rates issues based on a vulnerability’s CVSS v2 score.

  • The results from the completed scan were exported to a .nessus file using the export facility within the Nessus Console.

  • All issues from the .nessus file were imported into a single phase in the Platform in the usual manner (see the article "Importing Third Party Results (Issues)" for guidance on importing issues).

Note

IMPORTANT NOTE: The Platform rates imported vulnerabilities/issues based on their CVSS v3 score by default (and uses the CVSS v2 score when a v3 score is not available). When reviewing and comparing results in the Nessus Console to those same results in the platform, ensure that Nessus is configured to use a CVSS Base Score of version 23. Otherwise there will likely be discrepancies between the severity rating in the Nessus Console and the severity rating in the Platform.

...

In the Nessus Console, we’ll take a look at the “Scan Summary” for our completed scan, paying attention to “Scan Details” and “Details” (highlighted in blue below).

...

The ‘Details’ section provides further information on the scan execution itself. Pay attention to the CVSS_Score value, currently set to CVSS_V2. If the scan results are based on CVSS version 3, there will likely be discrepancies between the severity rating in the Nessus Console and the severity rating in the Platform.

The ‘Scan Details’ section breaks down the number of vulnerabilities into Critical, High, Medium and Low severity.

...

Whilst the platform will provide the same vulnerability information as found in Nessus (such as the Description, the Solution and the Output), the platform sums up the “Affected Instances” based on the number of unique Host & Port pairings. To illustrate this, we’ll drill into that vulnerability in the platform:

...
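The “Affected Instances” figure and the CVSS version used for rating can both be checked directly against the exported .nessus file before comparing the two consoles. The following is an added example, not code from the platform or from Tenable: the sample report is constructed, and treating a pairing as (host name, port) with the protocol ignored is an assumption.

```python
import xml.etree.ElementTree as ET  # for files from untrusted sources, parse with defusedxml instead
from collections import defaultdict

# Constructed sample in the .nessus (NessusClientData_v2) layout; hosts, plugin IDs and scores are made up.
SAMPLE = """<NessusClientData_v2><Report name="demo">
  <ReportHost name="10.0.0.5">
    <ReportItem port="443" protocol="tcp" pluginID="900001" pluginName="Example TLS issue">
      <cvss_base_score>5.0</cvss_base_score><cvss3_base_score>7.5</cvss3_base_score></ReportItem>
    <ReportItem port="8443" protocol="tcp" pluginID="900001" pluginName="Example TLS issue">
      <cvss_base_score>5.0</cvss_base_score><cvss3_base_score>7.5</cvss3_base_score></ReportItem>
    <ReportItem port="53" protocol="tcp" pluginID="900002" pluginName="Example DNS issue">
      <cvss_base_score>4.3</cvss_base_score></ReportItem>
    <ReportItem port="53" protocol="udp" pluginID="900002" pluginName="Example DNS issue">
      <cvss_base_score>4.3</cvss_base_score></ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.6">
    <ReportItem port="443" protocol="tcp" pluginID="900001" pluginName="Example TLS issue">
      <cvss_base_score>5.0</cvss_base_score><cvss3_base_score>7.5</cvss3_base_score></ReportItem>
  </ReportHost>
</Report></NessusClientData_v2>"""

def summarise(nessus_xml, prefer="3"):
    """Per plugin: unique host/port pairings and the base score chosen.

    prefer="3" takes the v3 score and falls back to v2 when v3 is absent;
    prefer="2" does the reverse. Run both to see where ratings can diverge.
    """
    pairs, info = defaultdict(set), {}
    for host in ET.fromstring(nessus_xml).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            pid = item.get("pluginID")
            # A set keeps each (host, port) once, so tcp/53 and udp/53 on one host collapse.
            pairs[pid].add((host.get("name"), item.get("port")))
            scores = {"3": item.findtext("cvss3_base_score"),
                      "2": item.findtext("cvss_base_score")}
            order = [prefer] + [v for v in ("3", "2") if v != prefer]
            used = next((v for v in order if scores[v]), None)
            info[pid] = (item.get("pluginName"), used,
                         float(scores[used]) if used else None)
    return {pid: {"name": info[pid][0], "cvss_version": info[pid][1],
                  "score": info[pid][2], "affected_instances": len(p)}
            for pid, p in pairs.items()}

if __name__ == "__main__":
    for pid, row in summarise(SAMPLE).items():
        print(pid, row)
```

Plugins whose `cvss_version` differs between the `prefer="3"` and `prefer="2"` runs are the ones whose severity can differ between the two consoles.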