Interact with Asset Query Data

After you run an Asset Query, Tenable Exposure Management displays the results associated with your query. From here, you can drill down and interact with the data to gain further insights.

To view and interact with asset query data:

Generate an Asset Query with the Asset Query Builder.

The Query Result page appears.

On the Query Result page, you can:

Note: Because the options and data in this section depend on the type of query you run, some of the following items may not be available for your query.

View a list of assets that match your query. For example, if the query searches for workstations, the list displays all assets that have a type of Workstation. This table includes the following asset information:

Column	Description
View Node	Click the button to view the asset nodes in a graphical format. For more information, see View Asset Nodes.
Name	The asset name.
Type	The asset type, for example Workstation or ServiceAccount. Tip: Hover your mouse cursor over the icon in this column to view the full name of the asset type.
NES	The Node Exposure Score (NES) is a metric produced by Tenable Exposure Management to understand the blast radius exposure of a node. This metric considers the Vulnerability Priority Rating of all vulnerabilities on the asset as well as other relationships such as software installed, sub-networks to which the asset belongs, internet exposure, etc.
AES	Tenable calculates a dynamic AES for each asset on your network to represent the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.
ACR	Tenable assigns an ACR to each asset on your network to represent the asset's relative criticality as an integer from 1 to 10. A higher ACR indicates higher criticality.
Actions	Click the button to view available actions. A menu appears: Click Export as CSV to export the asset information as a .csv file.

Export one or more assets from the list:
Do one of the following:
- To export individual assets:
- To export all assets in the list:
  1. At the top of the list, click Export All.
Tenable Exposure Management downloads the list of selected assets as a .csv file.

View Asset Nodes

When you click View Nodes in the Query Result list, Tenable Exposure Management shows a graphical representation of the selected asset node.

Note: Because the options and data in this section depend on the type of query you run, some of the following items may not be available for your query.

In this section you can:

(Optional) On the left side of the graph, in the asset list, select any asset for which you want to view the node.

Note: The assets in this list are the assets that match your asset query parameters.
View an icon that represents the asset.
- Where applicable, view color-coded assets:
  - Exposed assets highlighted in red.
  - Critical assets highlighted by the icon.
Click on a step or an asset to view node details for that item.
Use your mouse cursor, the zoom slider, or the + and - buttons in the lower-right corner of the graph to zoom the graph in and out.
(Not available in FedRAMP environments) Click AI Assistant to open an AI chat window, where you can ask questions related to the asset node or the attack path to which it belongs.

Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path.

For more information about AI explainability, how to use it, and its limitations, see the Generative AI Best Practices Guide.
Click the button to enable or disable full-screen view.
Click the button to reset the graph.
Right-click on a step or an asset node to open a menu with additional options:
- (Not available in FedRAMP environments) Ask AI About This Node — Click to open an AI chat window, where you can ask questions related to the asset node or the attack path to which it belongs.
  Using this AI, users can better understand the attack path and its associated risk. Here, you can also gain additional insight into the assets affected by the attack path. For more information about AI explainability, how to use it, and its limitations, see the Generative AI Best Practices Guide.
- Expand Node — Click to expand a full view of all items related to the asset node.
- Blast Radius — Click to open a blast radius query, where the selected node is the source of the attack path. For more information, see Generate a Blast Radius Query.
- Asset Exposure — Click to open an Asset Exposure query, where the selected node is the target of the attack path. For more information, see Generate an Asset Exposure Query .

View Node / Attack Details

The details panel displays additional information about asset nodes and attack paths visible on the asset node graph.

To view the information panel for a node or technique:

Click a node on the canvas.

A panel appears at the bottom of the page with information about the node.

Tip: In the upper-right corner, click View Asset Details to view the node and its details directly on the Asset Details page.

This information includes, but is not limited to:
- Open Ports — The open ports on the asset.
- ACR — Tenable assigns an ACR to each asset on your network to represent the asset's relative criticality as an integer from 1 to 10. A higher ACR indicates higher criticality.
- AES — Tenable calculates a dynamic AES for each asset on your network to represent the asset's relative exposure as an integer between 0 and 1000. A higher AES indicates higher exposure.
- AVR — The Asset Vulnerability Rating (AVR) is an aggregation of all Vulnerability Priority Rating (VPR) scores for vulnerabilities detected on the asset.
- NES — The Node Exposure Score (NES) is a metric produced by Tenable Exposure Management to understand the blast radius exposure of a node. This metric considers the Vulnerability Priority Rating of all vulnerabilities on the asset as well as other relationships such as software installed, sub-networks to which the asset belongs, internet exposure, etc.
- Sensors — The sensor or sensors that detected the asset.