
Nessus Import Incorrect Severity #6992

@AmenoBars


Hello,

We've been testing DefectDojo for managing Nessus imports. I've noticed that the severity seems to be acting weird. It seems to take the values from the Nessus scan correctly, but not display them correctly. If I then go to edit the finding, it will have the right settings, and after saving it without making changes, it displays as it does according to the Nessus report. As an example, this finding is marked in Nessus as a 9.8 - Critical, but is showing in DefectDojo findings as a 9.8 High:


If I then go and edit it, it has critical as the severity rating:

And then saving that without making any changes to what was already there changes it to a critical:

Is this expected behaviour? It seems odd.
