Nessus

設定とトラブルシューティング

ID.

Q. TNS| レポートのSeverityは何を基準にしていますか?

A.


Severityの振り分けは基本的にCVSS Base Scoreを元に行われています。

0 = Info
4未満 = Low
7未満 = Medium
10未満 = High
10 = Critical

[参考]

  • https://docs.tenable.com/nessus/6_10/Content/ScanReportFilters.htm
    This filter can be used to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 will be flagged Critical.
  • https://docs.tenable.com/nessus/6_10/Content/AboutNessusPlugins.htm
    Nessus supports the Common Vulnerability Scoring System (CVSS) and supports both v2 and v3 values simultaneously. If both CVSS2 and CVSS3 attributes are present, both scores will get calculated. However in determining the Risk Factor attribute, currently the CVSS2 scores take precedence.

<< 設定とトラブルシューティングに関するFAQ一覧へ戻る