Asset Filters
On the Assets page, you can refine the asset list using Tag Filters and Tenable-Provided Filters based on attribute properties.
Tags allow you to add descriptive metadata to assets that helps you group assets by business context. You can use tags to filter the asset list. Under the Tags tab, search for or select the tag by which you want to filter the list.
Under the Properties tab, you can use Tenable-Provided filters to refine the asset list by the following asset properties. The following table lists some, but not all, available filters:
| Filter | Description |
|---|---|
| id | The asset's UUID. |
| name |
The asset identifier. Tenable Exposure Management assigns this identifier based on the presence of certain asset attributes in the following order:
For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the asset name. |
| aes_score |
(Requires Tenable Lumin license) The Asset Exposure Score (AES) calculated for the asset. |
| last_update |
The time and date when the asset record was last updated. |
| total_tags | The total number of tags associated with the asset. |
| type | The type of asset. |
| system_type |
The system types as reported by Plugin ID 54615. For more information, see Tenable Plugins. |
| created |
The time and date when Tenable Exposure Management created the asset record. |
| sources | The source of the scan that identified the asset. |
| last_licensed_scan_time |
The time and date of the last scan that identified the asset as licensed. |
| first_observed |
The date and time when a scan first identified the asset. |
| last_observed |
The date and time of the scan that most recently identified the asset. |
| bios_id |
The NetBIOS ID for the asset. |
| fqdns |
The fully-qualified domain name of the host that the vulnerability was detected on. |
| mac_addresses |
A MAC address that a scan has associated with the asset record. |
| host_name | The hostname of the asset. This string is determined by information reported by target plugins, and is dependent on the user's environment and configuration. |
| netbios_name |
The NetBIOS name for the asset. |
| network_id | The ID of the network object associated with scanners that identified the asset. |
| operating_systems |
The operating systems that a scan identified as installed on the asset. |
| ssh_fingerprint | The SSH fingerprint associated with the asset. |
| installed_software |
The software that a scan identified as installed on the asset. |
| acr_score | (Requires Tenable Lumin license) The asset's ACR. |
| critical_vuln_counts | The number of vulnerabilities that are of critical severity on the asset. |
| high_vuln_counts | The number of vulnerabilities that are of high severity on the asset. |
| medium_vuln_counts | The number of vulnerabilities that are of medium severity on the asset. |
| low_vuln_counts | The number of vulnerabilities that are of low severity on the asset. |
| has_severity_vulns |
Specifies whether the asset has associated severity vulnerabilities. |
| has_plugin_results |
Specifies whether the has plugin results. |
| tenable_id | The UUID of the asset in Tenable Vulnerability Management. |
| service_now_sys_id |
Where applicable, the unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation. |
| ipv4_addresses |
The IPv4 address associated with the asset record. This filter supports multiple asset identifiers as a comma-separated list (for example, hostname_example, example.com, 192.168.0.0). For IP addresses, you can specify individual addresses, CIDR notation (for example, 192.168.0.0/24), or a range (for example, 192.168.0.1-192.168.0.255). Note: Ensure the filter value does not end in a period. |
| ipv6_addresses |
An IPv6 address that a scan has associated with the asset record. This filter supports multiple asset identifiers as a comma-separated list. The IPV6 address must be an exact match. (for example, 0:0:0:0:0:ffff:c0a8:0). Note: Ensure the filter value does not end in a period. |
| last_authenticated_scan_time |
The date and time of the last authenticated scan run against the asset. |
| cloud_source |
The cloud source of the scan that identified the asset. |
| is_public |
Specifies whether the asset is available on a public network. Note: A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace. |
| is licensed |
Specifies whether or not the asset is included in your license count. |
| aws_ec2_instance_ami_id |
The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation. |
| aws_availability_zone |
The name of the Availability Zone where AWS hosts the virtual machine instance. For more information, see Regions and Availability Zones in the AWS documentation. |
| aws_ec2_instance_id |
The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation. |
| aws_ec2_instance_type |
The type of virtual machine instance in Amazon EC2. Amazon EC2 instance types dictate the specifications of the instance (for example, how much RAM it has). For a list of possible values, see Amazon EC2 Instance Types in the AWS documentation. |
| aws_ec2_name |
The name of the virtual machine instance in Amazon EC2. |
| aws_owner_id |
A UUID for the Amazon Web Service (AWS) account that created the virtual machine instance. For more information, see AWS Account Identifiers in the AWS documentation. |
| aws_ec2_product_code |
The product code associated with the AMI used to launch the virtual machine instance in Amazon EC2. |
| aws_region |
The region where AWS hosts the virtual machine instance, for example, us-east-1. For more information, see Regions and Availability Zones in the AWS documentation. |
| aws_ec2_instance_group_names | The group names within the virtual machine instance in Amazon EC2. |
| aws_ec2_instance_state_name |
The state name of the virtual machine instance in AWS at the time of the scan. For possible values, see API Instance State in the Amazon Elastic Compute Cloud Documentation. |
| aws_subnet_id |
The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan. |
| aws_vpc_id |
The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide. |
| is_managed_by_ssm | Specifies whether the asset is on a system managed by an AWS Systems Manager (SSM). |
| azure_resource_id |
The unique identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
| azure_vm_id |
The unique identifier of the Microsoft Azure virtual machine instance. For more information, see Accessing and Using Azure VM Unique ID in the Microsoft Azure documentation. |
| azure_subscription_id | The unique subscription identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
| azure_resource_group | The name of the resource group in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
| azure_location | The location of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
| azure_type | The type of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. |
| account_id | The account ID associated with the asset. |
| resource_name | The resource name for the asset. |
| resource_id | The resource ID for the asset. |
| resource_type | The asset's cloud resource type (for example, network, virtual machine). |
| unique_identifier | The UUID for the cloud resource account associated with the asset. |
| source |
The source of the scan that identified the asset |
| region | The cloud region where the asset runs. |
| zone | The zone where the asset runs. |
| discovery_information | Specific information about how or where a scan discovered the asset. |
| cloud_tags | Tenable Vulnerability Management tags associated with the asset. For more information, see Tags in the Tenable Vulnerability Management User Guide. |
| gcp_instance_id |
The unique identifier of the virtual machine instance in Google Cloud Platform (GCP). |
| gcp_project_id |
The customized name of the project to which the virtual machine instance belongs in GCP. For more information, see Creating and Managing Projects in the GCP documentation. |
| gcp_zone |
The zone where the virtual machine instance runs in GCP. For more information, see Regions and Zones in the GCP documentation. |
| ssl_tls_enabled | Specifies whether the application on which the asset is hosted uses SSL/TLS public-key encryption. |