TOC & Recently Viewed

Recently Viewed Topics

Report Templates

The following templates are included with

The following table lists the report templates that are included with and the complete descriptions that are provided for each.

Report Template Description
CVE Analysis Report In the early days of the internet, vulnerabilities were not publicly known or identifiable. In 1999, the information security industry endorsed the importance of using a common format in identifying vulnerabilities, and thus the Common Vulnerabilities and Exposures (CVE®) was created. Since 1999, the adoption of CVE has grown from 29 organizations to over 150 organizations. Tenable products were first CVE compatible in 2004. Tenable continues to lead the security industry in vulnerability management and continuous network monitoring by embracing accepted standards such as CVE. CVE identifiers are used to reference each of the vulnerabilities detected by Tenable Nessus. The CVE identifiers can be used for reporting, asset identification, risk management, and threat mitigation. This report helps to identify vulnerabilities by their CVE identifiers from 1999 to 2019. CVE is a widely used industry standard for identifying vulnerabilities across software vendors and vulnerability management systems. Using CVE identifiers to identify vulnerabilities allows organizations to easily target affected systems and software for remediation. As vendors provide patches for widespread vulnerabilities such as HeartBleed and ShellShock, many new plugins are released. The task of tracking vulnerabilities is simplified by using CVE identifiers, as the CVE identifiers for vulnerabilities remain the same even as new patches and plugins are released. Using CVE is a very flexible and useful method of detecting vulnerabilities to assist in the risk management process. This report provides an easy to understand executive summary showing the current count of vulnerabilities based on CVE release data and collection methods. The remaining chapters provide details on the top 100 most severe CVE vulnerabilities.
Credentialed Scan Failures

Scanning without credentials is a valid method for identifying what is visible to the scanner and assessing the exterior attack surface of a system, but properly configured credentialed scans are able to look beyond the surface and identify potential issues that may not be apparent. Credentialed scans provide more detailed results that can help to detect outdated software, vulnerabilities, and compliance issues. Without proper credentials, analysts will not be able to obtain accurate information to properly assess an organization's risk posture.

This report delivers an organized list of failed credentialed scans that analysts can use to quickly address scanning issues on a network. The report covers a 25-day scanning history and provides a breakdown of various Windows scan issues and SSH failures, as well as general credential failures. Organizations will find this report useful when reviewed on a daily or weekly basis. The report is organized in a manner that provides timely information that analysts can use to correct any credentialed scan failures.

Critical and Exploitable Vulnerabilities Report

Identifying, prioritizing, and patching existing vulnerabilities on a network can be a difficult task for any analyst to manage effectively. By determining which vulnerabilities are most severe, analysts can properly prioritize vulnerability remediation in order to best protect systems on the network. This report presents a comprehensive look at the critical and exploitable vulnerabilities discovered on the network, which can be useful in reducing the overall attack surface and keeping critical data secured within an organization.

Tenable products collect a vast amount of data on existing vulnerabilities discovered on the organization's network. Detailed analysis and understanding of risk for each vulnerability can be time consuming. However, the analyst should at least understand the impact of each vulnerability in order to understand the threat posed. The severity of a vulnerability is defined using the Common Vulnerability Scoring System (CVSS) base score. The CVSS is a method to define and characterize the severity of a vulnerability. Vulnerabilities are scored on a scale of 1 to 10, with a CVSS base score of 10 considered to be the most severe. Vulnerabilities with a CVSS base score of 10 are defined as ”critical.” In addition to specifying the severity of a vulnerability, industry sources are checked to determine if a publically-known exploit for the vulnerability exists. These critical and exploitable vulnerabilities create gaps in the network's integrity, which attackers can take advantage of to gain access to the network. Once inside the network, an attacker can perform malicious attacks, steal sensitive data, and cause significant damage to critical systems. By identifying the most severe vulnerabilities, analysts and security teams can better focus patch management efforts and better protect the network.

This report provides information on critical and exploitable vulnerabilities that have been detected on the network. The report utilizes data such as the CVSS base score and information from exploit frameworks including Metasploit, Core Impact, Canvas, Elliot, and ExploitHub to determine which vulnerabilities are critical and exploitable. The report presents a cumulative view of the data to provide an analyst with a comprehensive understanding of the discovered critical and exploitable vulnerabilities. Using various visual aids, the report displays the data in an easy to understand manner. The information from this report will enable analysts to discover, prioritize, and remediate critical and exploitable vulnerabilities in a timely manner.

Elevated Privilege Failures Organizations using Tenable Nessus gain a tremendous amount of details such as vulnerabilities, compliance status, software used, and hardware supporting the environment. Nessus provides valuable insight into systems to an analyst, to enable better protection of the network. As with any piece of software or hardware, Nessus needs to be properly configured to ensure the best scan results are returned. For scans of Linux/Unix based systems, analysts can configure the scans to use SSH username/password credentials, which allows Nessus to gather more detailed information about the systems. If a Nessus scan is configured with SSH credentials for a regular user account, basic information about a system can be retrieved. Once Nessus is able to create a session with SSH, Nessus will try to elevate privileges to retrieve further information about the system. If Nessus is unable to perform this action, Nessus plugin 12634 will report that the attempt to elevate permissions was unsuccessful (see Using this report, analysts can identify systems that did not have adequate permissions to do in-depth scanning. Details are also provided to assist analysts in remediating the SSH credential issue. To prevent confusion, this report only addresses failures when Nessus attempts to elevate privileges from a scan; this report does not address attempts by users who try to elevate privileges and are unsuccessful.
Exploit Frameworks Organizations of all size are faced with the challenges of maintaining a successful patch management program. In many cases, vulnerability scans and software updates are only performed on a monthly basis. The lack of visibility into the network and systems in between active scans can result in an increased risk to the organization. This point-in-time method of scanning and updating can also lead to systems being missed if the systems are not on the network or available during the scan window. A single vulnerability is often times the only necessary piece needed to gain a foothold in an environment. As an example, a network could be compromised due to a vulnerability found in out-of-date office productivity software, a PDF viewer, or a browser. Exploitation framework tools contain capabilities to detect and exploit these vulnerabilities. The vendors of these software packages are continually adding exploits to their platforms. Internal security teams and malicious actors alike can use the same tools to detect and exploit vulnerabilities. As some of the software exploitation tools are free, the bar of entry is minimal and can open up organizations to easy to perform attacks. This report can assist analysts in identifying vulnerabilities detected within the organization. Specifically, the report detects vulnerabilities that can be exploited by exploitation frameworks. Analysts can focus on the exploitable vulnerabilities to help reduce the risk to the organization. These specific exploitable vulnerabilities can present a heightened risk depending on the vulnerability and location in the organization. Analysts using this report can be more efficient at prioritizing efforts by knowing more about the vulnerabilities present in the organization. Within this report, analysts can find detailed information relating to the vulnerabilities exploitable by exploitation frameworks. The detailed information includes the host, vulnerability, and related information for each exploitation tool. There are also tables reporting vulnerabilities by plugin family, Microsoft bulletins, and CVE. Depending on the reporting metrics used within the organization, analysts can potentially compare the information from this report to their metrics for quick analysis. Information is also provided to assist analysts and administrators in fixing and mitigating the vulnerabilities.
Exploitable by Malware Malware presents a risk to any organization and comes packaged in many forms. Malware can exploit weaknesses and vulnerabilities to make software or hardware perform actions not originally intended. Vulnerabilities can also be widely exploited shortly after publication as malware authors reverse engineer the fix and come up with ”1-day exploits” that can be used to attack organizations. Using this report, organizations can gain operational awareness of systems on the network with exploitable vulnerabilities. Analysts need to either mitigate the risk from vulnerabilities or remediate them, but prioritization is a necessary task, as not all vulnerabilities present an equal danger. Focusing on vulnerabilities actively exploited by malware helps to reduce the risk to the organization and offers prioritization guidance as to which vulnerabilities to remediate first. Analysts can use this report along with the knowledge of the software in the organization to better defend themselves. Vulnerabilities can also be exploited through common software applications. An attacker can use these software products to exploit vulnerabilities present in an organization. Products such as Metasploit, Core Impact, and exploits listed in ExploitHub can be used by anyone to perform an attack against vulnerabilities. Vulnerabilities that can be exploited through these means are highlighted in this report.
Malicious Code Prevention Report Malware can significantly impact the health and safety of critical systems within an organization. The number of new malware discovered on a daily basis continues to increase, and malware writers are constantly tweaking their code to keep it from being detected. Using malicious code, potentially massive attacks can be accomplished with relative ease. Network defenders need to use a defense-in-depth approach to both protect against malware infections and also discover and address any malware that gets through defenses. Inside this report, analysts will obtain the information needed to identify compromised hosts that have been infected with malware. Additional information on virus detections and interactions with known hostile IP addresses will highlight the presence of malware on network assets. Scans will determine whether anti-virus engines and virus definitions are running and up-to-date. Analysts will be able to obtain information on outdated or misconfigured anti-virus clients on the network. Systems are scanned for bad AutoRuns and Scheduled Tasks that may be associated with malware. Using the information presented within this report, organizations are able to quickly identify and remediate issues associated with malware or malicious activity on systems throughout the enterprise.
Outstanding Patch Tracking One of the common questions often asked of the IT team is ”how many systems are missing patches and how many patches are missing on each system?” This report uses the Tenable Nessus ”Patch Report” plugin (66334) and organizes the current patch status for systems scanned with credentials. The IT team can now easily communicate the specific systems with missing patches to executives. The ”Patch Report” plugin elegantly summarizes all of the missing patches and general remediation actions required to remediate the discovered vulnerabilities on a given host. Instead of counting the number of vulnerabilities, the plugin lists applications that need to be upgraded. The approach is not only much easier for IT administrators to consume, but the count of applications provides a measure of how much ”work” is required to secure a system. In addition, this report can help analysts monitor the application of Microsoft Security Bulletin patches. The elements of this report displays information on missing Microsoft Security Bulletin patches, in order to provide a clear picture of the true state of Microsoft patch management.
Prioritize Hosts What systems need attention now? What systems can be safely ignored for the time being? System administrators often have so much to do that it can be difficult for them to prioritize their host administration and mitigation efforts. This report can assist in that prioritization by presenting multiple lists of top hosts in various categories, such as top hosts infected with malware and top hosts with exploitable vulnerabilities. The elements in this report make use of active scan information from Tenable Nessus. In this way, a system administrator can obtain the most comprehensive and integrated view of the network, in order to make the best prioritization decisions about administration and mitigation efforts.
Unsupported OS Report Detecting unsupported operating systems on a network can be a daunting task. Understanding which operating systems are unsupported or approaching end-of-life (EOL) can improve a security team's ability to mitigate vulnerabilities and secure the network. Systems running unsupported operating systems are more vulnerable to exploitation, so identifying and upgrading unsupported operating systems on a network is essential to an effective security program. Using this report, security teams can easily identify and address unsupported operating systems on a network. The chapters in this report provide detailed information about the unsupported operating systems detected by Nessus on the network. Elements filter by plugin name and vulnerability text in order to provide the most accurate overview of unsupported operating systems. A list of detailed information provides insight into systems running unsupported operating systems and recommended steps to address the vulnerabilities. Security teams can use the data in this report to detect and upgrade unsupported operating systems.
Vulnerabilities by Common Ports Addressing vulnerable services is a key step in reducing network risk. Vulnerable services may allow malicious actors to infiltrate the network, compromise systems, and exfiltrate information. This report presents vulnerability information by common TCP ports and services, in order to alert the analyst to potentially vulnerable services. The elements in this report leverage a variety of active and passive port filters to display vulnerability information in multiple ways. System counts and vulnerability counts are presented based on specific ports, ranges of ports, and CVSS scores. Vulnerabilities that are known to be exploitable are highlighted; these vulnerabilities are especially concerning and should be addressed immediately. The vulnerability information in this report can be used to remediate service vulnerabilities and improve the security of the network.
Vulnerability Detail Report Vulnerability scanning and reporting are essential steps in evaluating and improving the security of a network. By knowing which vulnerabilities affect hosts on the network, security teams can coordinate their mitigation efforts more effectively. Nessus provides this vulnerability scan information. This report presents extensive data about vulnerabilities detected on the network. The report can be especially useful to security teams that are familiar with the format and content of reports generated by Nessus. Detailed information about the vulnerabilities detected on every host scanned is included. Security teams can use this report to easily identify vulnerabilities and the affected hosts in their network. The chapters in this report provide both a high-level overview and an in-depth analysis of the vulnerability status of the network. Charts are used to illustrate the ratio of vulnerability severities as well as list the most vulnerable hosts by vulnerability score. An iterator is used to provide detailed information on each host scanned. For each host, the IP address, DNS name, NetBIOS name, MAC address, repository, vulnerability total, and last scanned time are listed. A severity summary of each host shows how many vulnerabilities of each severity level impact that host. Detailed information about every vulnerability detected on that host is listed, including plugin ID, plugin name, plugin family, severity, protocol, port, exploitability, host CPE, plugin text, first discovered, and last seen times. Security teams can use this extensive data in order to identify vulnerabilities in their network and tailor their mitigation efforts accordingly.
Vulnerability Management Vulnerable devices and applications on an organization's network pose a great risk to the organization. Vulnerabilities such as outdated software, susceptibility to buffer overflows, risky enabled services, etc. are weaknesses in the network that could be exploited. Organizations that do not continuously look for vulnerabilities and proactively address discovered flaws are very likely to have their network compromised and their data stolen or destroyed. This report provides a high-level overview of an organization's vulnerability management program and can assist the organization in identifying vulnerabilities, prioritizing remediations, and tracking remediation progress. In addition, this report assists in monitoring for sensitive data and data access vulnerabilities on the network. By understanding where sensitive or valuable information is kept and any associated vulnerabilities, security teams can better ensure file security and integrity.
Web Services Indicator Services across enterprises are increasingly becoming web connected, but not all web services are secure. Organizations need to know what web services are operating in the environment in order to understand their vulnerability status. This report provides insight into the web services in the environment and the vulnerabilities associated with them. Administrators and analysts can better assess and defend the organization when they have the necessary information. This report provides information based around web services in the environment. Web services and the technology that hosts them are supported and implemented in various ways. The vulnerabilities of web services, web service platforms, and related technologies are displayed in ways that are easy to understand. Analysts can see vulnerabilities based on ports, web service activities leaving the organization, and web services that are present with known vulnerabilities. Network defenders can use the insight into the vulnerabilities in web services provided by this report to more effectively secure their network.
Windows Unsupported and Unauthorized Software The proliferation of unsupported products is an issue for many organizations and increases the effort required to minimize risk. As applications reach their end-of-life (EOL), vendors stop offering support. As patches and updates are released for new versions of software, unsupported versions will be left out. Essentially zero-day vulnerabilities could be in effect for applications that are no longer supported. Therefore, security and stability decrease, raising concern as time progresses. Identifying systems running unsupported applications is an important part of assessing and minimizing organizational risk. This report presents unsupported and unauthorized products found in the environment. Elements include pie charts and tables to display, track, and report on unsupported and unauthorized applications. Vulnerability data for unsupported vulnerabilities is filtered using Nessus plugin 20811, Microsoft Windows Installed Software Enumeration, as well additional filters for unsupported applications. Within this report, sections include Wireshark, WinPcap, TeamViewer, and Steam as examples of unauthorized applications.
Wireless Configuration Report As organizations continue to evolve, wireless technologies are being integrated into existing networks to support employee mobility needs. Since wireless access can expose devices to unique threats, monitoring devices for access to suspicious or malicious wireless networks is essential. This report provides extensive information about the wireless networks accessed by scanned hosts in the organization. Several specific plugins are used to gather extensive details about wireless interfaces and SSID connections from Windows and macOS hosts. Security teams can use this report to easily examine wireless configuration details for scanned hosts and tailor scanning policies in order to include additional hosts. The chapters in this report present both a high-level overview and an in-depth analysis of the wireless configurations detected on hosts in the network. Charts and tables demonstrate which plugins were able to successfully gather wireless configuration details from scanned hosts. An iterator is used to provide extensive detail about wireless configurations of each host, including network interfaces and SSID histories. Security teams can use this detailed report to identify and monitor the wireless connections and configurations of hosts in the organization.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.