Skip to content

Nessus

Abstract

Nessus is a common commercial Vulnerability Scanner. It can be used to find vulnerabilities and map them to assets.

Where to Acquire

Nessus can be downloaded from https://www.tenable.com/products/nessus-vulnerability-scanner.

Examples/Use Case

Nessus is primarily thought of as a system used to identify which vulnerabilities exist in an environment. While it does extremely well at this it has other equally important uses. One use case often overlooked is using Nessus to performed authenticated scans with no vulnerability checks. What this provides is a list authorized and potentially unauthorized devices. When combined with a SIEM this can be extremely powerful.

Another more common use case is to automatically correlate vulnerability data against alerts. This can help prioritize alerts.