Weaknesses
Weaknesses are vulnerabilities and misconfigurations on your assets. The Weaknesses view highlights weaknesses on your assets and provides useful insights into those weaknesses, including descriptions, assets affected, criticality, and more.
To access the Weaknesses view:
-
Access the Inventory View view.
The Assets view appears by default.
-
Click the Assets drop-down.
A menu appears.
-
Click Weaknesses.
The Weaknesses view appears.
In the Weaknesses view, you can:
-
View the total number of weaknesses on assets within your container.
-
View the total number of new weaknesses discovered within the last 7 days.
-
View the total number of new weaknesses with a Vulnerability Priority Rating (VPR) greater than 7.
-
In the weakness type drop-down, filter the list by the following weakness types:
-
Misconfigurations
-
Vulnerabilities
The weakness numbers at the top of the page and the weakness list update accordingly.
-
-
Use the Search box to search for a specific weakness in the list.
-
Filter the weaknesses list:
-
Click Filter .
The Add filter button appears.
-
Click Add filter .
A menu appears.
-
Do one of the following:
-
To search the weakness list by tag, click Tags.
-
To search the weakness list by asset property, click Properties.
-
-
In the search box, type the criteria by which you want to search the list.
Tenable Inventory populates a list of options based on your criteria.
-
Click the tag or property by which you want to filter the weakness list.
A menu appears.
-
Select how to apply the filter. For example, if you want to search for a weakness whose name is CVE-0000-0000, then select the contains radio button and in the text box, type CVE-0000-0000.
-
Click Add filter .
The filter appears above the asset list.
-
Repeat these steps for each additional filter you want to apply.
-
Click Apply filters.
Tenable Inventory filters the list by the designated criteria.
-
-
Export the table:
-
Click Export.
The Export table plane appears.
-
In the Columns to export section, select the checkbox for each column you want to include in the export file.
-
(Optional) To include columns not currently in the table view, click Add more columns.
The Add columns to export plane appears.
-
Select the checkbox for each additional column you want to include in the export file.
-
-
In the rows section, ensure the Current Page radio button is selected.
Tip: Currently, you can only export the rows listed on the current page. -
Click Export .
Tenable Inventory downloads the export file to your computer. Depending on your browser settings, your browser may notify you that the download is complete.
-
-
Customize the columns in the table:
-
Click Columns .
The Customize columns window appears.
-
(Optional) In the Reorder added columns section, click and drag any column name to reorder the columns.
-
(Optional) In the Show/Hide section, select/delesect the checkboxes to show or hide columns in the table.
-
(Optional) In the Remove section, click the button to permanently remove a column from the table.
-
(Optional) To add columns to the table, click Add Columns.
The Add columns to table window appears.
-
(Optional) Use the search bar to search for a column property.
The list of column properties updates based on your search query.
-
Select the checkbox next to any column or columns you want to add to the table.
-
Click Add.
The column appears in the Customize columns window.
-
-
(Optional) Click Reset to Defaults to reset all columns to their defaults.
-
Click Apply Columns.
Tenable Inventory saves your changes to the columns in the table.
-
-
View a list of your weaknesses, including the following information:
-
Weakness Name — The Common Vulnerability Exposure (CVE) ID associated with the weakness.
-
Description — A brief description of the weakness.
-
Type — The type of weaknesses: Misconfiguration or Vulnerability.
-
Severity — The severity of the weakness, for example, Critical.
Note: At this time, Tenable Inventory does not include information for Info level severity weaknesses.Note: Because Tenable One calculates CVEs using VPR and Tenable Cloud Security calculates using CVSS, you may notice a difference in severity across weaknesses between these applications. -
VPR — The Vulnerability Priority Rating (VPR) of the weakness.
-
Impacted Assets — The number of assets impacted by the weakness. For more information, see Assets.
-
Choke Points — Instances of MITRE Att&ck techniques associated with this asset that are used in attack paths leading to critical assets. For more information, see Findings in the Attack Path Analysis User Guide.
Tip: Click a choke point to navigate directly to the Findings page in the Attack Path Analysis user interface, filtered automatically by choke points that feature the weakness.Note: Because Attack Path Analysis aggregates the choke point by cause (for example, CVE, CWE) a single choke point may have multiple sources/targets. This may cause discrepancies in choke point counts between Weaknesses in Tenable Inventory and the sum of choke points within Attack Path Analysis. -
Last seen — The date at which the weakness was last seen in a scan on the asset.
-
Sources — The application the weakness' asset originated from, for example, Tenable Vulnerability Management.
-
Click See details to view more details about a weakness. For more information, see View Weakness Details.
-