Working with Nessus scan results is easy. How do I know that? Because I’ve worked with this tool for some time, and although I do not know every corner of it, I’ve been doing some scans and solving quite a few defects on systems that were labeled as ‘production ready’ when they clearly weren’t.

Nessus is a powerful tool and has some niceties, even in the community edition, where one can scan lots of different types of systems with the help of plugins. As I showed in the introduction article about Nessus, there are three plugins dedicated to Windows, and the biggest one scans for more than 4500 items. So we can check everything from Windows vulnerabilities to web server configurations to networking gear assessments for F5 or Cisco equipment. Different services like DNS, FTP, SNMP, SMTP? Yes. Different UNIX or Linux systems scans? Yes, those too. Even SCADA systems have a plugin to be scanned with.

But this article is a how-to on working with Nessus scan results, so I have already scanned two boxes, which were massively outdated on purpose so I could collect lots of output and deal with a few bits of it for the sake of demonstration.

This is the view after scanning an outdated Windows 2008 R2 server. It’s not just outdated but out of support since January 14th this year (if you haven’t noticed, you are in trouble).

As seen in the picture at the very top, among all the types of issues found in this example scan, the first 320 are related to missing updates. If we check the critical ones we’ll see this:

And if we get into a specific one we’ll get this view:

All sorts of nice details appear in the UI, from the vendor’s original description, the original advisory URL and some references from others, to very detailed risk information on the right.

One can use the UI to check the vulnerabilities and details, but in the right corner of the screen there is a ‘Report’ button, which can be more convenient for auditing purposes in medium-sized to large environments. Although the UI is very easy to use and quite explanatory of the issues found on systems, once the scan includes lots of issues and more than one box, losing track is very easy. So reports can be easier to handle at scale.