From the course: Vulnerability Management with Nessus
Correlating scan results - Nessus Tutorial
- [Instructor] In addition to validating your scan results to eliminate false positive reports and remove documented exceptions, you'll also want to correlate scan reports with information available to you from other sources. The first source of information you should consult is any industry standards, best practices, or compliance obligations that are relevant to your organization. These standards may provide specific guidance on the types of vulnerabilities that require more urgent remediation. For example, PCI DSS contains some very specific guidance on vulnerability scanning. Let me give you a quote from the standard's "Quick Reference Guide". "To receive a pass, external scan reports must not include any vulnerability that has been assigned a CVSS base score equal to or higher than 4.0, or any vulnerability that indicates features or configurations that are in violation of PCI DSS." That's very explicit guidance that is very helpful to an analyst in a PCI DSS computing…
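As an added example (not part of the course), here is a small Python script that applies the PCI DSS rule just quoted to a Nessus CSV export: any finding with a CVSS base score of 4.0 or higher disqualifies the host from a passing external scan. The export rows, column names, plugin IDs and addresses are constructed for this example and are assumptions, not values from the course.

```python
import csv
import io

# Constructed sample in the shape of a Nessus CSV export. The column names are
# an assumption for this example; check them against your own export.
SAMPLE_EXPORT = """Plugin ID,CVE,CVSS v2.0 Base Score,Risk,Host,Protocol,Port,Name
10001,CVE-0000-0001,7.5,High,203.0.113.10,tcp,443,Example TLS weakness (constructed)
10002,,2.6,Low,203.0.113.10,tcp,80,Example information leak (constructed)
10003,CVE-0000-0003,4.0,Medium,203.0.113.11,tcp,22,Example SSH setting (constructed)
10004,,,None,203.0.113.11,tcp,22,Service detection (constructed)
10005,,3.9,Low,203.0.113.12,tcp,443,Example minor weakness (constructed)
"""

# PCI DSS Quick Reference Guide: an external scan passes only if no finding has a
# CVSS base score equal to or higher than 4.0.
PCI_FAIL_THRESHOLD = 4.0


def parse_export(text):
    """Parse a Nessus-style CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def pci_external_scan_verdict(rows, threshold=PCI_FAIL_THRESHOLD):
    """Correlate each finding with the PCI DSS threshold and give a per-host verdict."""
    hosts = {}
    disqualifying = []
    for row in rows:
        entry = hosts.setdefault(row["Host"], {"pass": True, "findings": []})
        score_text = row["CVSS v2.0 Base Score"].strip()
        if not score_text:
            continue  # informational plugin with no score; it cannot fail the scan
        score = float(score_text)
        if score >= threshold:
            entry["pass"] = False
            entry["findings"].append((row["Plugin ID"], score, row["Name"]))
            disqualifying.append(row)
    return {
        "overall_pass": all(h["pass"] for h in hosts.values()),
        "hosts": hosts,
        "disqualifying": disqualifying,
    }


if __name__ == "__main__":
    verdict = pci_external_scan_verdict(parse_export(SAMPLE_EXPORT))
    for host, entry in verdict["hosts"].items():
        print(host, "PASS" if entry["pass"] else "FAIL", entry["findings"])
    print("overall:", "PASS" if verdict["overall_pass"] else "FAIL")
```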