Search and Filter Results
You can search or use filters to view specific scan results. You can filter hosts and vulnerabilities, and you can create detailed and customized scan result views by using multiple filters.
To search hosts:
- In scan results, click the Hosts tab.
  If you are working with an attack surface discovery scan, click the Records tab.
- In the Search Hosts box above the hosts table, type text to filter for matches in hostnames.
  As you type, Nessus automatically filters the results based on your text.

To search vulnerabilities:
- Do one of the following:
  - In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.
  - In scan results, click the Vulnerabilities tab to view all vulnerabilities.
- In the Search Vulnerabilities box above the vulnerabilities table, type text to filter for matches in vulnerability titles.
  As you type, Nessus automatically filters the results based on your text.

To create a filter:
- Do one of the following:
  - In scan results, click the Hosts tab.
  - In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.
  - In scan results, click the Vulnerabilities tab to view all vulnerabilities.
  - In attack surface discovery scan results, click the Records tab to view all DNS records.
- Click Filters next to the search box.
  - If you have saved filters, a list of your saved filters appears. Click Custom to open the Filters window and create a new filter, or click a saved filter to apply it to the table.
  - If you do not have saved filters, the Filters window appears.
- Specify your filter rule options:
  - Match Any or Match All: If you select All, only results that match all filters appear. If you select Any, results that match any one of the filters appear.
  - Plugin attribute: See the Plugin Attributes table for plugin attribute descriptions.
  - Filter argument: Select is equal to, is not equal to, contains, or does not contain to specify how the filter should match for the selected plugin attribute.
  - Value: Depending on the plugin attribute you selected, enter a value or select a value from the drop-down menu.
- (Optional) Click to add another filter rule.
- (Optional) Save the filter for future use by performing the following steps:
  - Select the Save this filter checkbox to save the filter or filters.
    The Filter name box appears.
  - Enter a name for the filter.
  - Click Save.
    The saved filter is now available to select when you click the table Filter button.
  Note: You can only save filters for the Hosts, Vulnerabilities, and Records tables.
- Click Apply.
  Tenable Nessus applies your filters and the table shows vulnerabilities or records that match your filters.

To apply, edit, duplicate, or delete a saved filter:
- Do one of the following:
  - In scan results, click the Hosts tab.
  - In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.
  - In scan results, click the Vulnerabilities tab to view all vulnerabilities.
- Click Filter next to the search box.
  A list of your saved filters appears.
- Do one of the following:
  - Click the filter name to apply the filter to the table.
  - Click the button to edit the filter criteria.
    The Filters window appears. Edit the criteria, and click Save.
  - Click the button to create a duplicate saved filter.
    You can now select and edit a copy of the saved filter from the table Filter button.
  - Click the button to delete the saved filter.
    The Delete Filter window appears. Click Continue to confirm the deletion.

To remove filters:
- Click Filter next to the search box.
  The Filter window appears.
  - To remove a single filter, click next to the filter entry.
  - To remove all filters, click Clear Filters.
  Tenable Nessus removes the filters from the vulnerabilities shown in the table.

The following table lists plugin attributes you can use to filter results.
Tip: Many Tenable Nessus plugin attributes relate to severity and vulnerability scores. To learn more about severity and vulnerability scores, see Severity and CVSS Scores vs. VPR.
Option | Description |
---|---|
Bugtraq ID | Filter results based on if a Bugtraq ID is equal to, is not equal to, contains, or does not contain a given string (for example, 51300). |
CANVAS Exploit Framework | Filter results based on if the presence of an exploit in the CANVAS exploit framework is equal to or is not equal to true or false. |
CANVAS Package | Filter results based on which CANVAS exploit framework package an exploit exists for. Options include CANVAS, D2ExploitPack, or White_Phosphorus. |
CERT Advisory ID | Filter results based on if a CERT Advisory ID (now called Technical Cyber Security Alert) is equal to, is not equal to, contains, or does not contain a given string (for example, TA12-010A). |
CORE Exploit Framework | Filter results based on if the presence of an exploit in the CORE exploit framework is equal to or is not equal to true or false. |
CPE | Filter results based on if the Common Platform Enumeration (CPE) is equal to, is not equal to, contains, or does not contain a given string (for example, Solaris). |
CVE | Filter results based on if a Common Vulnerabilities and Exposures (CVE) v2.0 reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2011-0123). |
CVSS Base Score | Filter results based on if a Common Vulnerability Scoring System (CVSS) v2.0 base score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 5). You can use this filter to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 is Critical. |
CVSS Temporal Score | Filter results based on if a CVSS v2.0 temporal score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 3.3). |
CVSS Temporal Vector | Filter results based on if a CVSS v2.0 temporal vector is equal to, is not equal to, contains, or does not contain a given string (for example, E:F). |
CVSS Vector | Filter results based on if a CVSS v2.0 vector is equal to, is not equal to, contains, or does not contain a given string (for example, AV:N). |
CVSS 3.0 Base Score | Filter results based on if a Common Vulnerability Scoring System (CVSS) v3.0 base score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 5). You can use this filter to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 is Critical. |
CVSS 3.0 Temporal Score | Filter results based on if a CVSS v3.0 temporal score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 3.3). |
CVSS 3.0 Temporal Vector | Filter results based on if a CVSS v3.0 temporal vector is equal to, is not equal to, contains, or does not contain a given string (for example, E:F). |
CVSS 3.0 Vector | Filter results based on if a CVSS v3.0 vector is equal to, is not equal to, contains, or does not contain a given string (for example, AV:N). |
CWE | Filter results based on if a Common Weakness Enumeration (CWE) reference is equal to, is not equal to, contains, or does not contain a CWE reference number (for example, 200). |
Exploit Available | Filter results based on the vulnerability having a known public exploit. |
Exploit Database ID | Filter results based on if an Exploit Database ID (EDB-ID) reference is equal to, is not equal to, contains, or does not contain a given string (for example, 18380). |
Exploitability Ease | Filter results based on if the exploitability ease is equal to or is not equal to the following values: Exploits are available, No exploit is required, or No known exploits are available. |
Exploited by Malware | Filter results based on if the presence of a vulnerability is exploitable by malware is equal to or is not equal to true or false. |
Exploited by Nessus | Filter results based on whether a plugin performs an actual exploit, usually an ACT_ATTACK plugin. |
Hostname | Filter results if the host is equal to, is not equal to, contains, or does not contain a given string (for example, 192.168 or lab). For agents, you can search by the agent target name. For other targets, you can search by the target's IP address or DNS name, depending on how you configured the scan. |
IAVA | Filter results based on if an IAVA reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2012-A-0008). |
IAVB | Filter results based on if an IAVB reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2012-A-0008). |
IAVM Severity | Filter results based on the IAVM severity level (for example, IV). |
In The News | Filter results based on whether the vulnerability covered by a plugin has had coverage in the news. |
Malware | Filter results based on whether the plugin detects malware; usually ACT_GATHER_INFO plugins. |
Metasploit Exploit Framework | Filter results based on if the presence of a vulnerability in the Metasploit Exploit Framework is equal to or is not equal to true or false. |
Metasploit Name | Filter results based on if a Metasploit name is equal to, is not equal to, contains, or does not contain a given string (for example, xslt_password_reset). |
Microsoft Bulletin | Filter results based on Microsoft security bulletins like MS17-09, which have the format MSXX-XXX, where X is a number. |
Microsoft KB | Filter results based on Microsoft knowledge base articles and security advisories. |
OSVDB ID | Filter results based on if an Open Source Vulnerability Database (OSVDB) ID is equal to, is not equal to, contains, or does not contain a given string (for example, 78300). |
Patch Publication Date | Filter results based on if a vulnerability patch publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 12/01/2011). |
Plugin Description | Filter results if the Plugin Description contains or does not contain a given string (for example, remote). |
Plugin Family | Filter results if the plugin family is equal to or is not equal to one of the designated Nessus plugin families. Tenable Nessus provides the possible matches via a drop-down menu. |
Plugin ID | Filter results if the plugin ID is equal to, is not equal to, contains, or does not contain a given string (for example, 42111). |
Plugin Modification Date | Filter results based on if a Nessus plugin modification date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 02/14/2010). |
Plugin Name | Filter results if Plugin Name is equal to, is not equal to, contains, or does not contain a given string (for example, windows). |
Plugin Output | Filter results if the plugin output is equal to, is not equal to, contains, or does not contain a given string (for example, PHP). |
Plugin Publication Date | Filter results based on if a Nessus plugin publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 06/03/2011). |
Plugin Type | Filter results if Plugin Type is equal to or is not equal to one of the two types of plugins: local or remote. |
Port | Filter results based on if a port is equal to, is not equal to, contains, or does not contain a given string (for example, 80). |
Protocol | Filter results if a protocol is equal to or is not equal to a given string (for example, HTTP). |
Risk Factor | Filter results based on the risk factor of the vulnerability (for example, Low, Medium, High, Critical). |
Secunia ID | Filter results based on if a Secunia ID is equal to, is not equal to, contains, or does not contain a given string (for example, 47650). |
See Also | Filter results based on if a Nessus plugin see also reference is equal to, is not equal to, contains, or does not contain a given string (for example, seclists.org). |
Solution | Filter results if the plugin solution contains or does not contain a given string (for example, upgrade). |
Synopsis | Filter results if the plugin synopsis contains or does not contain a given string (for example, PHP). |
VPR Score | Filter results based on if a vulnerability VPR score is equal to, is not equal to, contains, does not contain, is less than, or is more than a value (for example, VPR Score is more than 8.0). |
Vulnerability Publication Date | Filter results based on if a vulnerability publication date is earlier than, is later than, is on, is not on, contains, or does not contain a string (for example, 01/01/2012). Note: Pressing the button next to the date brings up a calendar interface for easier date selection. |
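
The Match Any / Match All rule logic from the filter procedure, together with the CVSS severity bands from the table, modelled offline over constructed findings. This is an added example, not Tenable code: the record field names are hypothetical, and the case-insensitive text matching and the handling of findings that lack an attribute are assumptions of this sketch.

```python
# Added example: offline model of the filter-rule logic described on this page.
# Record field names are hypothetical, not a Nessus export schema.
def _norm(x):
    # Compare as a number when the value parses as one, else as lowercase text.
    try:
        return float(x)
    except (TypeError, ValueError):
        return str(x).lower()

OPS = {  # Assumption: text comparisons are case-insensitive.
    "is equal to": lambda a, b: _norm(a) == _norm(b),
    "is not equal to": lambda a, b: _norm(a) != _norm(b),
    "contains": lambda a, b: str(b).lower() in str(a).lower(),
    "does not contain": lambda a, b: str(b).lower() not in str(a).lower(),
    "is less than": lambda a, b: float(a) < float(b),   # numeric attributes only
    "is more than": lambda a, b: float(a) > float(b),   # numeric attributes only
}

def severity(cvss):
    """Severity bands as stated in the CVSS Base Score row."""
    if cvss == 0:
        return "Info"
    for limit, label in ((4, "Low"), (7, "Medium"), (10, "High")):
        if cvss < limit:
            return label
    return "Critical"

def rule_matches(finding, attribute, argument, value):
    # Assumption: a finding that lacks the attribute matches no rule on it.
    if finding.get(attribute) is None:
        return False
    return OPS[argument](finding[attribute], value)

def apply_filters(findings, rules, match="All"):
    """rules: (plugin attribute, filter argument, value) tuples; match: 'All' or 'Any'."""
    combine = all if match == "All" else any
    return [f for f in findings if combine(rule_matches(f, *r) for r in rules)]

# Constructed sample findings (not real scan output).
FINDINGS = [
    {"hostname": "lab-web01", "port": 80, "plugin_name": "Sample PHP finding", "cvss_base": 10.0},
    {"hostname": "lab-db01", "port": 3306, "plugin_name": "Sample service detection", "cvss_base": 0.0},
    {"hostname": "192.168.1.20", "port": 443, "plugin_name": "Sample TLS finding", "cvss_base": 5.0},
    {"hostname": "192.168.1.21", "port": 22, "plugin_name": "Sample SSH finding"},  # no score
]
RULES = [("hostname", "contains", "lab"), ("cvss_base", "is more than", 6.9)]

if __name__ == "__main__":
    for mode in ("All", "Any"):
        print(mode, [f["hostname"] for f in apply_filters(FINDINGS, RULES, mode)])
```

With the same two rules, Match All narrows the table to the one host that is both in the lab and above the score threshold, while Match Any widens it to every lab host regardless of score.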