Vulnerability Export Attributes

The table below defines all available attributes of a vulnerability export data chunk. Export chunks do not include an attribute if that attribute is empty in the vulnerability record.

Note: Attribute values that correspond to CVSS codes are described fully in the following documents:

Attribute Object Attribute Value Description
asset
agent_uuid string The UUID of the agent that performed the scan where the vulnerability was found.
bios_uuid string The BIOS UUID of the asset where the vulnerability was found.
device_type string The type of asset where the vulnerability was found.
fqdn string The fully-qualified domain name of the asset where a scan found the vulnerability.
hostname string The host name of the asset where a scan found the vulnerability.
uuid string The UUID of the asset where a scan found the vulnerability.
ipv6 string The IPv6 address of the asset where a scan found the vulnerability.
last_authenticated_results date The last date credentials were used successfully to scan the asset.
last_unauthenticated_results date The last date when the asset was scanned without using credentials.
mac_address string The MAC address of the asset where a scan found the vulnerability.
netbios_name string The NETBIOS name of the asset where a scan found the vulnerability.
netbios_workgroup string The NETBIOS workgroup of the asset where a scan found the vulnerability.
operating_system string The operating system of the asset where a scan found the vulnerability.
tracked boolean A value specifying whether Tenable.io tracks the asset in the asset management system. Tenable.io still assigns untracked assets identifiers in scan results, but these identifiers change with each new scan of the asset. This parameter is relevant to PCI-type scans and in certain cases where there is not enough information in a scan to identify the asset. Untracked assets appear in the scan history, but do not appear in workbenches or reports.
output
string The text output of the Nessus scanner.
plugin
bid integer The Bugtraq ID for the plugin.
canvas_package string The name of the CANVAS exploit pack that includes the vulnerability.
checks_for_default_account boolean A value specifying whether the plugin checks for default accounts.
checks_for_malware boolean A value specifying whether the plugin checks for malware.
cpe string The Common Platform Enumeration (CPE) number for the plugin.
cve string The Common Vulnerability and Exposure (CVE) ID for the plugin.
cvss3_base_score double The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
cvss3_temporal_score double The CVSSv3 temporal score (characteristics of a vulnerability that change over time but not among user environments).
cvss3_temporal_vector Exploitability string

The CVSSv2 Exploit Maturity Code (E) for the vulnerability the plugin covers.

Possible values are:

  • Unproven—Corresponds to the Unproven (U) value for the E metric.
  • Proof-of-concept—Corresponds to the Proof-of-Concept (POC) value for the E metric.
  • Functional—Corresponds to the Functional (F) value for the E metric.
  • High—Corresponds to the High (H) value for the E metric.
  • Not-defined—Corresponds to the Not Defined (ND) value for the E metric.
RemediationLevel string The CVSSv3 Remediation Level (RL) temporal metric for the vulnerability the plugin covers. The metric value can be (O) Official Fix, (T) Temporary Fix, (W) Workaround, (U) Unavailable, or (X) Not Defined.
ReportConfidence string The CVSSv3 Report Confidence (RC) temporal metric for the vulnerability the plugin covers. The metric value can be (U) Unknown, (R) Reasonable, (C) Confirmed, or (X) Not Defined.
cvss3_vector AccessComplexity string The CVSSv3 Access Complexity (AC) metric for the vulnerability the plugin covers. The metric value can be (L) Low, (M) Medium, or (H) High.
AccessVector string

The CVSSv2 Attack Vector (AV) metric for the vulnerability the plugin covers.

Possible values include:

  • Network—Corresponds to the Network (N) value for the AV metric.
  • Adjacent Network—Corresponds to the Adjacent Network (A) value for the AV metric.
  • Local—Corresponds to the Local (L) value for the AV metric.
Authentication string

The CVSSv2 Authentication (Au) metric for the vulnerability the plugin covers.

Possible values include:

  • None required—Corresponds to the None (N) value for the Au metric.
  • Requires-single-instance—Corresponds to the Single (S) value for the Au metric.
  • Requires-multiple-instances—Corresponds to the Multiple (M) value for the Au metric.
Availability-Impact string The CVSSv2 availability impact metric for the vulnerability the plugin covers. The metric value can be (N) None, (L) Low, or (H) High.
Confidentiality-Impact string The CVSSv3 confidentiality impact metric of the vulnerability the plugin covers to the vulnerable component. The metric value can be (H) High, (L) Low, or (N) None.
Integrity-Impact string The CVSSv3 integrity impact metric for the vulnerability the plugin covers. The metric value can be (N) None, (L) Low, or (H) High.
cvss_base_score float The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
cvss_temporal_score float The CVSSv2 temporal score (characteristics of a vulnerability that change over time but not among user environments).
cvss_temporal_vector Exploitability string The CVSSv2 Exploitability (E) temporal metric for the vulnerability the plugin covers. The metric value can be (U) Unproven, (POC) Proof-of-Concept, (F) Functional, (H) High, or (ND) Not Defined.
RemediationLevel string The CVSSv2 Remediation Level (RL) temporal metric for the vulnerability the plugin covers. The metric value can be (OF) Official Fix, (TF) Temporary Fix, (W) Workaround, (U) Unavailable, or (ND) Not Defined.
ReportConfidence string The CVSSv2 Report Confidence (RC) temporal metric for the vulnerability the plugin covers. The metric value can be (UC) Unconfirmed, (UR) Uncorroborated, (C) Confirmed, or (ND) Not Defined.
cvss_vector AccessComplexity string The CVSSv2 Access Complexity (AC) metric for the vulnerability the plugin covers. The metric value can be (L) Low, (M) Medium, or (H) High.
AccessVector string The CVSSv2 Access Vector (AV) metric for the vulnerability the plugin covers. The metric value can be (L) Local, (A) Adjacent Network, or (N) Network.
Authentication string The CVSSv2 Authentication (Au) metric for the vulnerability the plugin covers. The metric value can be (N) None, (S) Single, or (M) Multiple.
Availability-Impact string The CVSSv2 availability impact metric for the vulnerability the plugin covers. The metric value can be (N) None, (P) Partial, or (C) Complete.
Confidentiality-Impact string The CVSSv2 confidentiality impact metric for the vulnerability the plugin covers. The metric value can be (N) None, (P) Partial, or (C) Complete.
Integrity-Impact string The CVSSv2 integrity impact metric for the vulnerability the plugin covers. The metric value can be (N) None, (P) Partial, or (C) Complete.
d2_elliot_name string The name of the exploit in the D2 Elliot Web Exploitation framework.
description string Full text description of the vulnerability.
exploit_available boolean A value specifying whether a public exploit exists for the vulnerability.
exploit_framework_canvas boolean A value specifying whether an exploit exists in the Immunity CANVAS framework.
exploit_framework_core boolean A value specifying whether an exploit exists in the CORE Impact framework.
exploit_framework_d2_elliot boolean A value specifying whether an exploit exists in the D2 Elliot Web Exploitation framework.
exploit_framework_exploithub boolean A value specifying whether an exploit exists in the ExploitHub framework.
exploit_framework_metasploit boolean A value specifying whether an exploit exists in the Metasploit framework.
exploitability_ease string Description of how easy it is to exploit the issue.
exploited_by_malware boolean The vulnerability discovered by this plugin is known to be exploited by malware.
exploited_by_nessus boolean A value specifying whether Nessus exploited the vulnerability during the process of identification.
exploithub_sku string The SKU number of the exploit in the ExploitHub framework.
family string The family to which the plugin belongs.
family_id integer The ID of the plugin family.
has_patch boolean A value specifying whether the vendor has published a patch for the vulnerability.
id integer The ID of the plugin that identified the vulnerability.
in_the_news boolean This plugin has gotten a lot of media attention (e.g., ShellShock, Meltdown).
metasploit_name string The name of the related exploit in the Metasploit framework.
ms_bulletin string The Microsoft security bulletin that the plugin covers.
name string The name of the plugin that identified the vulnerability.
patch_publication_date date The date on which the vendor published a patch for the vulnerability.
modification_date date The date on which the plugin was last modified.
publication_date date The date on which the plugin was published.
risk_factor string The risk factor associated with the plugin. Possible values are: Low, Medium, High, or Critical.
see_also string Links to external websites that contain helpful information about the vulnerability.
solution string Remediation information for the vulnerability.
stig_severity string Security Technical Implementation Guide (STIG) severity code for the vulnerability.
synopsis string Brief description of the plugin or vulnerability.
type string The general type of plugin check (for example, local or remote).
unsupported_by_vendor boolean Software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3).
usn string Ubuntu security notice that the plugin covers.
version string The version of the plugin used to perform the check.
vuln_publication_date date The publication date of the plugin.
xrefs string External references (e.g., OSVDB, Secunia, or MS Advisory).
port
port string The port the scanner used to communicate with the asset.
protocol string The protocol the scanner used to communicate with the asset.
service string The service the scanner used to communicate with the asset.
recast_reason
string The text that appears in the Comment field of the recast rule in the Tenable.io user interface.
recast_rule_uuid
string The UUID of the recast rule that applies to the plugin.
scan
completed_at date The date and time in ISO format when the scan completed.
schedule_uuid string The schedule UUID for the scan that found the vulnerability.
started_at date The date and time in ISO format when the scan started.
uuid string The UUID of the scan that found the vulnerability.
severity
string

The severity of the vulnerability as defined using the Common Vulnerability Scoring System (CVSS) base score.

Possible values are:

  • info—The vulnerability has a CVSS score of 0.
  • low—The vulnerability has a CVSS score between 0.1 and 3.9.
  • medium—The vulnerability has a CVSS score between 4.0 and 6.9.
  • high—The vulnerability has a CVSS score between 7.0 and 9.9.
  • critical—The vulnerability has a CVSS score of 10.0.
severity_id
string

The code for the severity assigned when a user recast the risk associated with the vulnerability.

Possible values are:

  • 1—The vulnerability has a CVSS score of 0. Corresponds to the "info" severity level.
  • 2—The vulnerability has a CVSS score between 0.1 and 3.9. Corresponds to the "low" severity level.
  • 3—The vulnerability has a CVSS score between 4.0 and 6.9. Corresponds to the "medium" severity level.
  • 4—The vulnerability has a CVSS score between 7.0 and 9.9. Corresponds to the "high" severity level.
  • 5—The vulnerability has a CVSS score of 10.0. Corresponds to the "critical" severity level.
severity_default_id
string

The code for the severity originally assigned to a vulnerability before a user recast the risk associated with the vulnerability. Possible values are the same as for the severity_id attribute.

severity_modification_type
string

The type of modification a user made to the vulnerability's severity:

  • none—No modification has been made.
  • recasted—A user in the Tenable.io user interface has recast the risk associated with the vulnerability.
  • accepted—A user in the Tenable.io user interface has accepted the risk associated with the vulnerability.

For more information about recast and accept rules, see About Recast Rules in the Tenable.io Vulnerability Management User Guide.

first_found
date The date on which the vulnerability was first found on the asset.
last_fixed
date The date on which the vulnerability was last fixed on the asset.

Tenable.io updates the vulnerability state to fixed when a scan no longer detects a previously detected vulnerability on the asset.

last_found
date The date on which the vulnerability was last found on the asset.
state
string

The state of the vulnerability as determined by the Tenable.io state service.

Possible values are:

  • open—The vulnerability is currently present on an asset.
  • reopened—The vulnerability was previously marked as fixed on an asset, but has been detected again by a new scan.
  • fixed—The vulnerability was present on an asset, but is no longer detected.
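
The following is an added example, not Tenable code: it reads one export chunk and lists findings that are still present (open or reopened) but whose severity a user recast or accepted, tolerating attributes that the chunk omits because they are empty. It assumes a chunk is a JSON array of objects with nested asset and plugin objects; all sample values are constructed.

```python
import json

# Severity codes as listed on this page for severity_id / severity_default_id.
SEVERITY = {1: "info", 2: "low", 3: "medium", 4: "high", 5: "critical"}

# Constructed sample chunk; the JSON-array-of-objects shape is an assumption.
SAMPLE_CHUNK = json.loads("""
[
 {"asset": {"hostname": "web01"},
  "plugin": {"id": 1001, "name": "Example plugin A", "exploit_available": true},
  "severity_id": "2", "severity_default_id": "5",
  "severity_modification_type": "recasted", "state": "open"},
 {"asset": {"fqdn": "app01.example.test"},
  "plugin": {"id": 1002, "name": "Example plugin B"},
  "severity_modification_type": "accepted", "state": "reopened"},
 {"asset": {"hostname": "db01"}, "plugin": {"id": 1003},
  "severity_id": "2", "severity_default_id": "4",
  "severity_modification_type": "recasted", "state": "fixed"},
 {"plugin": {"id": 1004}, "state": "open"}
]
""")

def _code(record, key):
    """Return a severity code as int, or None when the attribute is absent."""
    value = record.get(key)
    return int(value) if value is not None else None

def modified_findings(chunk, states=("open", "reopened")):
    """List findings in the given states whose severity a user recast or accepted."""
    hits = []
    for rec in chunk:
        change = rec.get("severity_modification_type", "none")
        if change == "none" or rec.get("state") not in states:
            continue
        now, default = _code(rec, "severity_id"), _code(rec, "severity_default_id")
        asset, plugin = rec.get("asset", {}), rec.get("plugin", {})
        hits.append({
            "asset": asset.get("hostname") or asset.get("fqdn") or asset.get("uuid"),
            "plugin_id": plugin.get("id"),
            "change": change,
            "default": SEVERITY.get(default),
            "current": SEVERITY.get(now),
            # None means a severity code was absent, so no comparison is possible.
            "lowered": None if None in (now, default) else now < default,
            "exploit_available": plugin.get("exploit_available"),
        })
    return hits
```

A result with lowered set to True and exploit_available set to True is the case most worth a second review of the recast rule.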

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.