Configure Severity Base for an Individual Scan

Note: By default, new installations of Nessus use CVSSv3 scores (when available) to calculate severity for vulnerabilities. Preexisting, upgraded installations retain the previous default of CVSSv2 scores.

You can configure individual scans to use a particular severity base, which overrides the default severity base for that scan. If you change the default severity base, scans with overriden severity bases do not change.

To change the default severity base across the Nessus instance, see Configure Your Default Severity Base.

For more information about CVSS scores and severity ranges, see CVSS Scores vs. VPR.

To configure the severity base for an individual scan:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the scans table, click the scan for which you want to change the severity base.

    The scan page appears. The Scan Details, including the scan's current severity base, appear on the right side of the page.

  3. Under Scan Details, next to the current Severity Base, click the button.

    The Change Severity Rating Base window appears.

  4. From the Severity Rating Base drop-down box, select one of the following:

    • CVSS v2.0 — The severity for vulnerabilities found by the scan is based on CVSSv2 scores. This setting overrides the default severity base set on the Nessus instance.

    • CVSS v3.0 — The severity for vulnerabilities found by the scan is based on CVSSv3 scores. This setting overrides the default severity base set on the Nessus instance.

    • Default — The severity for vulnerabilities found by the scan use the Nessus default severity base, which appears in parentheses. If you change the default severity base later, the scan automatically uses the new default severity base.

  5. Click Save.

    Nessus updates the severity base for your scan. The scan results update to reflect the updated severity.