Reporting the Results
Nessus includes a reporting tool that allows for viewing and printing results. The reports can be written to a file in a variety of formats, including HTML, LaTeX, ASCII, and XML. Graphical HTML reports are also supported, creating fancy pie charts of the results. The reports also include specific recommendations for fixing each discovered vulnerability.
The reporting tool displays the relative sensitivity of each discovered vulnerability, categorized as high-, medium-, and low-risk. These risk categories are assigned by the developer of the plug-in and may vary for particular networks. For example, the same medium-risk vulnerability on my run-of-the-mill server may pose a high risk to your mission-critical system. Likewise, Nessus may rank a vulnerability as high-risk that has little impact on your sacrificial server. Therefore, these vulnerability levels in Nessus or any other scanning tool should be taken as an approximation of the actual vulnerability. You need to interpret the results in accordance with your own network policies.