Info-level Reporting

Info-level Reporting is a scan setting available for Nessus Agent vulnerability scan templates. The setting specifies how often the agent scan should report unchanged Info-severity vulnerability findings.

Description

Info-severity findings can account for up to 90% of agent scan findings. Most Info-level findings do not change from scan to scan and have minimal impact on your overall network exposure. Configuring Info-level Reporting can help minimize your scan processing times by decreasing the number of unchanged Info-severity findings that Tenable Vulnerability Management processes after every agent scan.

After you configure an agent scan, the first execution of that scan always reports all detected findings regardless of severity level. This is known as a baseline scan. Subsequent scans return all vulnerability findings with a severity of Low or higher, and any new or changed Info-level findings. Agents do not re-report existing, unchanged Info-level findings to Tenable Vulnerability Management until a new baseline scan is performed.

When you view agent vulnerability scan results in the Tenable Vulnerability Management user interface, baseline scans are indicated with the baseline icon (). For example:

Note: The baseline icon does not appear for triggered scans, regardless of whether or not the scan was a baseline scan.

The baseline icon always appears for scans whose scan configurations do not have the Info-level Reporting setting. This is because every execution of that scan includes all findings and is, therefore, a baseline scan.

The baseline icon does not appear for scans whose configurations have the Info-level Reporting setting, but were run before the Info-level Reporting feature was released.

Configuration

You can configure the agent scan to report all severity findings by launching a new baseline scan after one of the following intervals:

  • After number of scans — The agent scan reports all findings every x number of scans. You choose from the following increments: 7, 10, 15, or 20 scans.

    For example, if you set the value to the default of 10, the agent scan reports all findings in its next scan and then reports all findings again during every 10th scan. All interim scans only return findings with a severity of Low or higher, as well as any new or changed Info-level findings.

  • After number of days — The agent scan reports all findings after a set number of days after the previous day on which the agent scan last reported all findings. You choose from the following increments: 7, 10, 20, 30, 60, or 90 days.

    For example, if you set the value to the default of 10, the agent scan reports all findings in its next scan. For 10 days, all interim scans return all findings with a severity of Low or higher and any new or changed Info-level findings. After the 10-day period passes, the agent scan reports all findings again in its next scan.

    You can only set triggered agent scans to After number of scans. You can set Scan Window scans to either After number of scans or After number of days.

    The default value for triggered agent scans is After 10 scans, and the default value for Scan Window agent scans is After 10 days. Tenable recommends using the default values. Only lower the value if doing so is necessary for your organization.

In addition to Info-level Reporting, you can enable Force refresh of all Info-severity vulnerabilities on next scan to force the agent scan to report all findings in the next scan. After the next scan completes and reports all findings, the Info-level Reporting setting determines how often the scan reports Info-severity findings.

Note: All vulnerability findings with a severity of Low or higher and new or changed Info-severity vulnerabilities are always reported after every scan.

Limitations and Considerations

  • Only agents version 10.5.0 and later can use the Info-level Reporting setting. Any agents on earlier versions always perform baseline scans.

  • The Info-level Reporting setting is not supported when Tenable Vulnerability Management is connected to Tenable Security Center.

  • Agent scans with configured Compliance settings do not support the Info-level Reporting setting. All agent scans with Compliance settings configured are baseline scans.

  • If you recast an Info-level plugin to a higher severity level (for example, Low or Medium), the plugin is still affected by Info-level Reporting and excluded from non-baseline scans if the plugin output has not changed.

  • Each individual agent calculates the After number of scans value separately. Therefore, triggered scans can return a combination of baseline and non-baseline results.

  • Plugins 19506 (Nessus Scan Information) and 42980 (SSL Certificate Expiry) are always reported in full with every scan.