View Asset Details for Host and Web Application Assets

After you integrate Tenable Attack Surface Management with Tenable Vulnerability Management, you can view additional context about Host and Web Applications on the Asset Details page. The details about Host and Web Application assets include the following:

  • Asset merge criteria details.

  • Visibility into assets already detected by Tenable Vulnerability Management.

  • Security risk information based on ACR and AES scores.

This information helps provide answers to the following questions:

  • Has an asset detected by Tenable Attack Surface Management already been scanned by Tenable Vulnerability Management?

  • What security risks are my external assets most exposed to?

  • Where is my external attack surface lacking coverage the most?

Automatic Population of Primary Domains of a Container

When a container initially acquires a Tenable Attack Surface Management license:

  • The container’s primary domains are automatically added to the user’s initial ASM inventory.

  • Host and Web Application integrations are automatically enabled for their initial inventory for which the primary domains are now populated.

To view Host and Web Application Assets details:

  1. In Tenable Attack Surface Management, in the upper-right corner, click the Inventory drop-down list.

    Tenable Attack Surface Management displays the inventories in the drop-down list.

  2. From the drop-down list, select an inventory.

    The assets for the inventory appear in a table format.

  3. In the list, click the asset for which you want to view more details.

    A slider panel appears with the asset details. The Managed Assets card indicates whether there are host and web application assets. 

  4. Click the Managed Assets tab to view the integration details.

    The Managed Assets tab appears with the details about the Host and Web Application assets.

The Managed Assets tab displays messages about the assets detected in Host and Web Application integration, explaining why a specific asset is included or excluded. Green messages indicate the reason a host is included, while red messages explain why an asset is excluded.

The following is the list of messages that appear in the Managed Assets tab:

  • This asset has been identified as a <Host | WebApp> asset.

  • This asset was not integrated due to integration filters in place.

  • This asset was not integrated due to its record type.

  • This asset was not integrated because a user has previously deleted a < Host | WebApp > asset of the same name or IP address.

  • This asset was not integrated because its IP address is non-routable publicly.

  • This asset was not integrated due to lack of HTTP response.

  • This asset was not integrated because integration was disabled on inventory or global level.

  • This asset was not integrated as it represents a DNS wildcard within an Elastic source and lacks a specific identifying IP or hostname.

  • This asset was not integrated because it is a DNS wildcard, while the integration was configured to identify assets by hostname.

  • This asset was not integrated because WAS scanner does not currently support IPV6.

  • This asset was not integrated due to an internal issue. Please contact customer support for more details.

The Host or Web Application Integration table includes the following information:

Column Description
Name The name of the asset.
ACR The Asset Criticality Rating (ACR) for the asset that indicates how critical the asset is to your organization.
AES The Asset Exposure Score (AES) that indicates the vulnerability of an asset.
Last Scanned Date The date and time when Tenable Vulnerability Management last scanned the asset.
Updated at The date and time when Tenable Attack Surface Management updated the asset details.