Vulnerabilities

OT Security identifies various types of threats that affect the assets in your network. As information about new vulnerabilities is discovered and released into the general public domain, Tenable, Inc. research staff designs programs to enable Tenable Nessus to detect them.

These programs are named Plugins, and are written in the Tenable Nessus proprietary scripting language, called Nessus Attack Scripting Language (NASL). Plugins detect CVEs as well as other threats that can affect assets in your network (e.g., obsolete operating systems, usage of vulnerable protocols, and vulnerable open ports).

Plugins contain vulnerability information, a generic set of remediation actions, and the algorithm to test for the presence of the security issue.

For information about updating your Plugin set, see Environment Configuration.

Vulnerabilities Screen

The Vulnerabilities screen shows a list of all vulnerabilities detected by the Tenable Plugins that affect your network and assets.

You can customize the display settings by adjusting which columns are displayed and where each column is positioned. For an explanation of the customization features, see Management Console UI Elements.

The information shown in the Vulnerabilities tab is described in the following table:

| Parameter | Description |
| --- | --- |
| Name | The Name of the Vulnerability. The Name is a link to show the full Vulnerability listing. |
| Severity | This score indicates the severity of the threat detected by this Plugin. Possible values: Info, Low, Medium or High. |
| VPR | Vulnerability Priority Rating (VPR) is a dynamic indicator of the severity level, which is constantly updated based on the current exploitability of the vulnerability. This value is generated by Tenable as the output of Tenable Predictive Prioritization, which assesses the technical impact and threat posed by the vulnerability. VPR values range from 0.1 to 10.0, with a higher value representing a higher likelihood of exploitation. |
| Plugin ID | The unique identifier of the Plugin. |
| Affected Assets | The number of assets in your network that are affected by this Vulnerability. |
| Plugin family | The family (group) with which this Plugin is associated. |
| Comment | You can add free text comments about this Plugin. |

Plugin Details

Click on a Plugin Name to show detailed information about that Plugin.

This screen contains three elements:

  • Header bar – shows basic info about the specified Vulnerability, and contains the Actions button, which allows you to edit vulnerability details. See Editing Vulnerability Details.

  • Details tab – shows the full description of the Vulnerability and gives links to relevant resources.

  • Affected Assets tab – shows a listing of all assets that are affected by the specified Vulnerability. Each listing includes detailed information about the asset, as well as a link to view the Asset Details window for that asset.

Editing Vulnerability Details

To edit Vulnerability Details:

  1. In the relevant Vulnerability Details page, click on the Actions button at the top-right corner.

    The Actions menu is displayed.

  2. In the Actions menu, click Edit Details.

    The Edit Vulnerability Details side panel is displayed.

  3. In the Comments field, enter comments about the vulnerability.

  4. In the Owner field, enter the name of the person assigned to address the vulnerability.

  5. Click Save.