This chapter covers reporting options in Nessus. The content of the Vulnerability Assessment report should be customized to suit the audience of the report, ranging from higher management to technical teams working on the closure of vulnerabilities. After completing the scan, the output is available under the Result tab in Nessus. Under this tab, we have the summary of hosts, the vulnerabilities found, and an option to export the results.

Results can be exported in different formats, such as PDF, CSV, and HTML, and Nessus offers five options to decide on the content to be included, namely Hosts Summary (Executive), Vulnerabilities by Host, Compliance Checks, Vulnerabilities By Plugin, and Compliance Checks (Executive). The Result tab also has a filtering option where the drop-down menu filters the required class and types of vulnerabilities and can be filtered from the overall output.

The report captures scan information along with vulnerability details, including the synopsis, description, solution, risks, plugins, the CVSS score, and other important details.

This chapter also covers report customization from an external consultant perspective and the kinds of details that should be captured in the report. Finally, the report automation concept was introduced; this can be done using scripts and also through integration with the GRC compliance tool or SIEM solutions.