Nessus - CloudCommandos/JohnChan GitHub Wiki

  • Have an internal risk rating, as the Nessus risk rating may not apply to your design.

  • Keep a record of security fixes for future reference when the same vulnerabilities appear.

  • Filter exported scan results by risk rating to identify and fix critical / high vulnerabilities first.

  • External traffic-facing apps should have their critical / high vulnerabilities fixed as soon as possible.

  • Vulnerabilities arising from self-signed certificates that are used internally only can be accepted.

  • Vulnerabilities related to internal services are of lower priority and may be accepted if the risk is justifiable.

  • If the target IP of the scan is incorrect, Nessus will keep querying that IP, which may congest your gateway.
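The filtering and internal re-rating tips above (filter the export by risk, rate by exposure, accept internal self-signed certificate findings, defer internal low-priority findings) as an added example that is not part of this wiki page; it assumes a Nessus CSV export with the columns `Plugin ID`, `Risk`, `Host`, `Port` and `Name` (adjust the names if your export differs), and the sample rows, plugin IDs and the external-host set are constructed for the demonstration:

```python
"""Triage a Nessus CSV export: keep Critical/High, then apply an internal rating."""
import csv
import io

# Constructed sample rows in the column layout of a Nessus CSV export
# (only the columns used here; real exports carry many more). Plugin IDs
# and hosts are placeholders, not real Nessus plugins.
SAMPLE_CSV = """Plugin ID,Risk,Host,Port,Name
EX0001,Critical,203.0.113.10,443,Constructed remote code execution finding
EX0002,Medium,203.0.113.10,443,SSL Self-Signed Certificate
EX0003,High,10.0.0.5,8080,Constructed outdated service finding
EX0004,Medium,10.0.0.5,443,SSL Self-Signed Certificate
EX0005,Low,10.0.0.5,22,Constructed weak algorithm finding
"""

# Assumption: hosts in this set are reachable from external traffic.
EXTERNAL_HOSTS = {"203.0.113.10"}
NESSUS_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}


def internal_rating(row):
    """Map a Nessus finding to the internal rating described in the wiki tips."""
    risk = row["Risk"]
    external = row["Host"] in EXTERNAL_HOSTS
    if "self-signed" in row["Name"].lower() and not external:
        return "Accepted"   # self-signed certificate used internally only
    if not external and risk in ("Medium", "Low"):
        return "Deferred"   # internal service, lower priority
    if external and risk in ("Critical", "High"):
        return "Fix-ASAP"   # external-facing, critical / high
    return risk             # otherwise keep the Nessus rating


def triage(csv_text, min_risk="High"):
    """Return findings at or above min_risk, highest first, with an Internal column added."""
    rows = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if NESSUS_RANK.get(row["Risk"], 0) < NESSUS_RANK[min_risk]:
            continue
        row["Internal"] = internal_rating(row)
        rows.append(row)
    rows.sort(key=lambda r: -NESSUS_RANK[r["Risk"]])
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_CSV):
        print(r["Risk"], r["Internal"], r["Host"], r["Port"], r["Plugin ID"], r["Name"])
```

Run it against a real export by reading the file into `triage()` instead of `SAMPLE_CSV`; lower `min_risk` to `"Low"` to see the Accepted and Deferred ratings applied to internal findings.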