Tenable Nessus is one of the world's most popular vulnerability scanners. Cyver Core natively offers imports for Nessus CSV and XML files. This includes importing found vulnerabilities and configuration issues across assets, servers, network devices, virtual machines, and endpoints.
You can manually import Nessus XML findings or automatically import them via the API.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | <ReportHost> <ReportItem> <plugin_name>SSL Self-Signed Certificate</plugin_name> </ReportItem> </ReportHost> |
|
| Type | Vulnerability Observation |
|
| Assets | <ReportHost name="157.125.7.145"></ReportHost> | |
| Description | <ReportHost> <ReportItem> <description>The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below : - First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority..</description> </ReportItem> </ReportHost> |
|
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<ReportHost> <ReportItem>severity="1" </ReportItem> </ReportHost> |
| CVSS20Score | <ReportHost> <ReportItem></ReportItem> <cvss_base_score>6.4</cvss_base_score> </ReportHost> |
|
| CVSS20Vector | <ReportHost> <ReportItem></ReportItem> <cvss_vector>CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N</cvss_vector> </ReportHost> |
|
| CVSS30Score | <ReportHost> <ReportItem></ReportItem> <cvss3_base_score>6.5</cvss3_base_score> </ReportHost> |
|
| CVSS30Vector | <ReportHost> <ReportItem></ReportItem> <cvss3_vector>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N</cvss3_vector> </ReportHost> |
|
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
|
| CVEList | for example: CVE-1; CVE-721 |
|
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <ReportHost> <ReportItem></ReportItem> <synopsis>The SSL certificate chain for this service ends in an unrecognized self-signed certificate.</synopsis> </ReportHost> |
|
| Recommendation | <ReportHost> <ReportItem></ReportItem> <solution>Purchase or generate a proper SSL certificate for this service.</solution> </ReportHost> |
|
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).