On Fri, Apr 30, 2004 at 12:26:35PM +0200, Lillian wrote:
> just like to know if Nessus categorizes its vulnerabilities in such a way
> that vulnerabilities of similar nature are grouped together to form a
> vulnerability category.

Nessus has a couple of different classification schemes:

  o categories
    These are listed in nessus-core/doc/WARNING.En and reflect
    at a broad but fuzzy level what the plugin does: eg, gather
    info, scan a host, attack a host, kill a service, etc.
    Most people I would guess use categories only to the extent
    they select "Enable all but dangerous plugins" in the GUI.

  o families
    See <http://cgi.nessus.org/plugins/dump.php3?viewby=family> for
    a list of possible families. This is what the Nessus GUI presents
    at a broad level when you look at the plugin window.

  o risks
    These are not standardized but generally fall into one of
    Critical, High, Medium, or Low, based on each plugin author's
    perceived risk of the vulnerability tested by a plugin.

George
--
[EMAIL PROTECTED]
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
