The top five vulnerabilities of 2022 as described in Tenable's 2022 Threat Landscape Report:
Log4shell, Apache Log4j - CVE-2021-44228
Follina, Microsoft Support Diagnostic Tool - CVE-2022-30190
Atlassian Confluence Server and Data Center - CVE-2022-26134
ProxyShell, Microsoft Exchange Server - CVE-2021-34473
Known Vulnerabilities - CVE-20XX-XXXX
NOTE: Vulnerabilities are identified by their Common Vulnerabilities and Exposures (CVE) identifier. A CVE identifier consists of the letters CVE followed by the year and a sequence number (CVE-YYYY-SSSSSSS). Currently, sequence numbers can be up to 7 digits in length, but are typically shorter. Both Tenable.io and Tenable.sc provide a method to search for CVE identifiers using the CVE ID filter. More than one CVE ID can be entered in a single CVE ID filter by separating the CVE IDs with a comma.
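As an added example (not Tenable code), this Python script pulls CVE identifiers out of free text such as the list above, rejects malformed ones like the CVE-20XX-XXXX placeholder, and builds the comma-separated value for a CVE ID filter. The function names and sample text are constructed for illustration; the 4-digit minimum sequence length is an assumption taken from the CVE ID syntax, not from this page.

```python
import re

# Loose pattern: anything written as CVE-<token>-<token>, valid or not.
CANDIDATE_RE = re.compile(r"\bCVE-[0-9A-Za-z]+-[0-9A-Za-z]+\b", re.IGNORECASE)
# Strict pattern: 4-digit year, then a 4 to 7 digit sequence number.
# The 7-digit ceiling follows this page; the 4-digit floor is CVE syntax.
STRICT_RE = re.compile(r"CVE-(\d{4})-(\d{4,7})")

# Constructed sample: the list from this page plus one lower-case duplicate.
SAMPLE = """\
Log4shell, Apache Log4j - CVE-2021-44228
Follina, Microsoft Support Diagnostic Tool - CVE-2022-30190
Atlassian Confluence Server and Data Center - CVE-2022-26134
ProxyShell, Microsoft Exchange Server - CVE-2021-34473
Known Vulnerabilities - CVE-20XX-XXXX
Duplicate mention in different case: cve-2021-44228
"""


def extract_cve_ids(text):
    """Return (valid, rejected) CVE IDs found in free text."""
    valid, rejected = {}, []
    for cand in CANDIDATE_RE.findall(text):
        cve = cand.upper()
        m = STRICT_RE.fullmatch(cve)
        if m:
            # Key on (year, sequence): duplicates collapse, sorting is numeric.
            valid[(int(m.group(1)), int(m.group(2)))] = cve
        elif cve not in rejected:
            rejected.append(cve)
    return [valid[k] for k in sorted(valid)], rejected


def build_cve_filter(text):
    """Return (filter_value, rejected) for pasting into a CVE ID filter."""
    valid, rejected = extract_cve_ids(text)
    return ",".join(valid), rejected


if __name__ == "__main__":
    value, rejected = build_cve_filter(SAMPLE)
    print("CVE ID filter value:", value)
    print("Rejected (not valid CVE IDs):", rejected)
```

Reviewing the rejected list before searching catches typos and placeholders that would otherwise silently return no results.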
Additional filters can be used to narrow or focus vulnerability results. For example, Plugin Family filters can narrow results to specific device families. Tagging can be used to group assets, and tags can then be used as a filter. Date Ranges, State, Vulnerability Priority Rating (VPR), CVSS Base Scores, Exploitability Ease, and even Severity rating can be used to focus, narrow and refine results. More information on available filters can be found here: Tenable.io Vulnerability Filters, Tenable.sc Vulnerability Filters.
Specific scan templates, known as Tactical Scan Templates, are pre-configured to scan for specific vulnerabilities, such as Log4Shell, ProxyLogon, and specific vulnerabilities identified by the Threat Landscape Report.
These predefined templates can be found under Vulnerability Management → Scans → Select a Scan Template in Tenable.io, or Scans → Policies → Add a Policy in Tenable.sc.