v2.1
Powered by

# NamicSoft

By
Brian Johnson

NamicSoft is a software package that runs on Windows and helps you take vulnerability scans (from a variety of sources like Nessus, Burp, Nexpose, nmap, etc.) and slice/dice them into a variety of digestible reports.

# CVSS "gotcha" to watch for

In regards to Nessus scans, they use CVSS v2 by default (at least one of our Nessus instances does). So if you use v2 as the CVSS baseline, then when you generate reports in NamicSoft, go into NamicSoft settings, and under Set severity based on CVSS V3 base score, select No. Here's the note from support with more details:

"If you import with “No” it will keep the severities levels from Nessus. This will be based on CVSS V2 though, and to make sure that it corresponds to the severities seen in Nessus you have to double check which CVSS version it is configured to use. Normally this should be CVSS V3, which means that you should import with “Yes” on this option to make the numbers match.