View Vulnerabilities

The Vulnerabilities tab of the Findings page displays the vulnerabilities detected during the Agentless Assessment of EC2 instances and Azure virtual machines.

  1. Access Tenable Cloud Security.

    The Dashboard page appears.

  2. In the left navigation pane, click Findings.

    The Misconfigurations tab appears.

  3. Click the Vulnerabilities tab.

    The Vulnerabilities tab appears with the list of vulnerabilities.

  4. To view specific vulnerabilities, do one of the following:

    • Use the Search box to search by CVE or Plugin ID.

    • Use the following filters:

      1. Click the Filters icon to open the Filter Vulnerabilities box.

      2. Select the following filters as needed.

        Filter Description
        Severity Filters the list by severity: critical, high, medium, or low.
        Plugin family Filters the list of vulnerabilities by plugin family name. Use the search box to search for a specific plugin family.
        VPR Filters by the vulnerability priority rating (VPR) score.
        Projects Filters the list by projects.
        Cloud provider Filters the list by cloud providers.
        Cloud accounts Filters the list by cloud accounts.
        Source Filters by the source of the vulnerability — Cloud or Image.
      3. Click Apply Filters.

        Tenable Cloud Security applies the filters and displays the filtered vulnerabilities.

  • To export the list of vulnerabilities as a CSV, click Export > CSV.
  • To add or remove columns from the Vulnerabilities table:
    1. Click to display the column names.
    2. Select or deselect the check boxes next to the column name as needed.

      Tenable Cloud Security displays the selected columns.

      Note: You cannot remove the Severity and Name columns from the table and these are disabled.

  • Click to refresh the vulnerabilities list.

    Vulnerabilities Table

    The Vulnerabilities table displays the following details:

    Column Description
    Severity This is the severity level of the vulnerability whether Low, Medium, or Critical.
    Name The name of the vulnerability.
    CVSS3 Score The NVD-provided CVSSv3 impact score for the vulnerability. If the NVD did not provide a score, Tenable Cloud Security shows a Tenable-predicted score.
    Plugin family The plugin family for the vulnerability.
    Impacted resources The number of impacted resources.
    VPR Score The Vulnerability Priority Rating (VPR) assigned to the vulnerability.
    Last detected This is the time when the vulnerability was last detected.

    • To view the details of a vulnerability, click the vulnerability name.

      The Vulnerability details plane appears with the following information:

      SectionDescription
      Vulnerability information

      Includes the details about the vulnerability such as the severity, plugin family, plugin ID, the ease of exploitation, and the patch publication date.

      VPR Key DriversGives the key drivers that Tenable uses to calculate the VPR of a vulnerability.
      DescriptionProvides a description of the vulnerability.
      SolutionProvides the solution to fix the vulnerability.
      Impacted ResourcesLists the impacted resources and the detection date of the vulnerability on the resource.