Search and Filter Results

Required user role when using Tenable Nessus Manager: Basic, Standard, Administrator, or System Administrator

You can search or use filters to view specific scan results. You can filter hosts and vulnerabilities, and you can create detailed and customized scan result views by using multiple filters.

Search for Hosts

  1. In scan results, click the Hosts tab.

    If you are working with an attack surface discovery scan, click the Records tab.

  2. In the Search Hosts box above the hosts table, type text to filter for matches in hostnames.

    As you type, Tenable Nessus automatically filters the results based on your text.

Search for Vulnerabilities

  1. Do one of the following:

    • In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.

    • In scan results, click the Vulnerabilities tab to view all vulnerabilities.
  2. In the Search Vulnerabilities box above the vulnerabilities table, type text to filter for matches in vulnerability titles.

    As you type, Tenable Nessus automatically filters the results based on your text.

Create a Filter

  1. Do one of the following:

    • In scan results, click the Hosts tab.

    • In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.
    • In scan results, click the Vulnerabilities tab to view all vulnerabilities.
    • In attack surface discovery scan results, click the Records tab to view all DNS records.
  2. Click Filters next to the search box.

    • If you have saved filters, a list of your saved filters appears. Click Custom to open the Filters window and create a new filter, or click a saved filter to apply it to the table.

    • If you do not have saved filters, the Filters window appears.

  3. Specify your filter rule options:

    • Match Any or Match All: If you select All, only results that match all filters appear. If you select Any, results that match any one of the filters appear.
    • Plugin attribute: See the Plugin Attributes table for plugin attribute descriptions.
    • Filter argument: Select is equal to, is not equal to, contains, or does not contain to specify how the filter should match for the selected plugin attribute.
    • Value: Depending on the plugin attribute you selected, enter a value or select a value from the drop-down menu.
  4. (Optional) Click to add another filter rule.
  5. (Optional) Save the filter for future use by performing the following steps:
    1. Select the Save this filter checkbox to save the filter or filters.

      The Filter name box appears.

    2. Enter a name for the filter.

    3. Click Save.

      The saved filter is now available to select when you click the table Filter button.

      Note: You can only save filters for the Hosts, Vulnerabilities, and Records tables.

  6. Click Apply.

    Tenable Nessus applies your filters and the table shows vulnerabilities or records that match your filters.

Manage Saved Filters

  1. Do one of the following:

    • In scan results, click the Hosts tab.

    • In scan results, in the Hosts tab, click a specific host to view its vulnerabilities.
    • In scan results, click the Vulnerabilities tab to view all vulnerabilities.
  2. Click Filter next to the search box.

    A list of your saved filters appears.

  3. Do one of the following:

    • Click the filter name to apply the filter to the table.

    • Click the button to edit the filter criteria.

      The Filters window appears. Edit the criteria, and click Save.

    • Click the button to create a duplicate saved filter.

      You can now select and edit a copy of the saved filter from the table Filter button.

    • Click the button to delete the saved filter.

      The Delete Filter window appears. Click Continue to confirm the deletion.

Clear an Applied Filter

  1. Click Filter next to the search box.

    The Filter window appears.

  2. To remove a single filter, click next to the filter entry.
  3. To remove all filters, click Clear Filters.

    Tenable Nessus removes the filters from the vulnerabilities shown in the table.

Plugin Attributes

The following table lists plugin attributes you can use to filter results.

Tip: Many Tenable Nessus plugin attributes relate to severity and vulnerability scores. To learn more about severity and vulnerability scores, see Severity and CVSS Scores vs. VPR.

Option Description

Bugtraq ID

Filter results based on if a Bugtraq ID is equal to, is not equal to, contains, or does not contain a given string (for example, 51300).

CANVAS Exploit Framework

Filter results based on if the presence of an exploit in the CANVAS exploit framework is equal to or is not equal to true or false.

CANVAS Package

Filter results based on which CANVAS exploit framework package an exploit exists for. Options include CANVAS, D2ExploitPack, or White_Phosphorus.

CERT Advisory ID

Filter results based on if a CERT Advisory ID (now called Technical Cyber Security Alert) is equal to, is not equal to, contains, or does not contain a given string (for example, TA12-010A).

CORE Exploit Framework

Filter results based on if the presence of an exploit in the CORE exploit framework is equal to or is not equal to true or false.

CPE

Filter results based on if the Common Platform Enumeration (CPE) is equal to, is not equal to, contains, or does not contain a given string (for example, Solaris).

CVE

Filter results based on if a Common Vulnerabilities and Exposures (CVE) v2.0 reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2011-0123).

CVSS Base Score

Filter results based on if a Common Vulnerability Scoring System (CVSS) v2.0 base score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 5).

You can use this filter to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 is Critical.

CVSS Temporal Score

Filter results based on if a CVSS v2.0 temporal score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 3.3).

CVSS Temporal Vector

Filter results based on if a CVSS v2.0 temporal vector is equal to, is not equal to, contains, or does not contain a given string (for example, E:F).

CVSS Vector

Filter results based on if a CVSS v2.0 vector is equal to, is not equal to, contains, or does not contain a given string (for example, AV:N).

CVSS 3.0 Base Score

Filter results based on if a Common Vulnerability Scoring System (CVSS) v3.0 base score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 5).

You can use this filter to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 is Critical.

CVSS 3.0 Temporal Score

Filter results based on if a CVSS v3.0 temporal score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 3.3).

CVSS 3.0 Temporal Vector

Filter results based on if a CVSS v3.0 temporal vector is equal to, is not equal to, contains, or does not contain a given string (for example, E:F).

CVSS 3.0 Vector

Filter results based on if a CVSS v3.0 vector is equal to, is not equal to, contains, or does not contain a given string (for example, AV:N).

CWE

Filter results based on Common Weakness Enumeration (CWE) if a CVSS vector is equal to, is not equal to, contains, or does not contain a CWE reference number (for example, 200).

Exploit Available

Filter results based on the vulnerability having a known public exploit.

Exploit Database ID

Filter results based on if an Exploit Database ID (EDB-ID) reference is equal to, is not equal to, contains, or does not contain a given string (for example, 18380).

Exploitability Ease

Filter results based on if the exploitability ease is equal to or is not equal to the following values: Exploits are available, No exploit is required, or No known exploits are available.

Exploited by Malware

Filter results based on if the presence of a vulnerability is exploitable by malware is equal to or is not equal to true or false.

Exploited by Nessus

Filter results based on whether a plugin performs an actual exploit, usually an ACT_ATTACK plugin.

Hostname

Filter results if the host is equal to, is not equal to, contains, or does not contain a given string (for example, 192.168 or lab). For agents, you can search by the agent target name. For other targets, you can search by the target's IP address or DNS name, depending on how you configured the scan.

IAVA

Filter results based on if an IAVA reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2012-A-0008).

IAVB

Filter results based on if an IAVB reference is equal to, is not equal to, contains, or does not contain a given string (for example, 2012-A-0008).

IAVM Severity

Filter results based on the IAVM severity level (for example, IV).

In The News

Filter results based on whether the vulnerability covered by a plugin has had coverage in the news.

Malware

Filter results based on whether the plugin detects malware; usually ACT_GATHER_INFO plugins.

Metasploit Exploit Framework

Filter results based on if the presence of a vulnerability in the Metasploit Exploit Framework is equal to or is not equal to true or false.

Metasploit Name

Filter results based on if a Metasploit name is equal to, is not equal to, contains, or does not contain a given string (for example, xslt_password_reset).

Microsoft Bulletin

Filter results based on Microsoft security bulletins like MS17-09, which have the format MSXX-XXX, where X is a number.

Microsoft KB

Filter results based on Microsoft knowledge base articles and security advisories.

OSVDB ID

Filter results based on if an Open Source Vulnerability Database (OSVDB) ID is equal to, is not equal to, contains, or does not contain a given string (for example, 78300).

Patch Publication Date

Filter results based on if a vulnerability patch publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 12/01/2011).

Plugin Description

Filter results if the Plugin Description contains or does not contain a given string (for example, remote).

Plugin Family

Filter results if the Plugin Name is equal to or is not equal to one of the designated Nessus plugin families. Tenable Nessus provides the possible matches via a drop-down menu.

Plugin ID

Filter results if the plugin ID is equal to, is not equal to, contains, or does not contain a given string (for example, 42111).

Plugin Modification Date

Filter results based on if a Nessus plugin modification date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 02/14/2010).

Plugin Name

Filter results if Plugin Name is equal to, is not equal to, contains, or does not contain a given string (for example, windows).

Plugin Output

Filter results if Plugin Description is equal to, is not equal to, contains, or does not contain a given string (for example, PHP).

Plugin Publication Date

Filter results based on if a Nessus plugin publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (for example, 06/03/2011).

Plugin Type

Filter results if Plugin Type is equal to or is not equal to one of the two types of plugins: local or remote.

Port

Filter results based on if a port is equal to, is not equal to, contains, or does not contain a given string (for example, 80).

Protocol

Filter results if a protocol is equal to or is not equal to a given string (for example, HTTP).

Risk Factor

Filter results based on the risk factor of the vulnerability (for example, Low, Medium, High, Critical).

Secunia ID

Filter results based on if a Secunia ID is equal to, is not equal to, contains, or does not contain a given string (for example, 47650).

See Also

Filter results based on if a Nessus plugin see also reference is equal to, is not equal to, contains, or does not contain a given string (for example, seclists.org).

Solution

Filter results if the plugin solution contains or does not contain a given string (for example, upgrade).

Synopsis

Filter results if the plugin solution contains or does not contain a given string (for example, PHP).

VPR Score

Filter results based on if a vulnerability VPR score is equal to, is not equal to, contains, does not contain, is less than, or is more than a value (for example, VPR Score is more than 8.0).

Vulnerability Publication Date

Filter results based on if a vulnerability publication date is earlier than, later than, on, not on, contains, or does not contain a string (for example, 01/01/2012).

Note: Pressing the button next to the date brings up a calendar interface for easier date selection.
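
The following is an added example, not Tenable code and not part of the original page. It models the Match Any / Match All option from Create a Filter and the CVSS severity bands from the table, to show how the choice of Match option changes what a set of rules returns. The record layout, the sample findings, and case-insensitive matching are assumptions made for the illustration.

```python
# Added illustration: a local model of the rule options described on this page.
# Not Tenable code, API, or export schema. Field names mirror the attribute
# table; case-insensitive string matching is an assumption of this model.
ARGUMENTS = {
    "is equal to": lambda a, w: str(a).lower() == str(w).lower(),
    "is not equal to": lambda a, w: str(a).lower() != str(w).lower(),
    "contains": lambda a, w: str(w).lower() in str(a).lower(),
    "does not contain": lambda a, w: str(w).lower() not in str(a).lower(),
    "is less than": lambda a, w: float(a) < float(w),
    "is more than": lambda a, w: float(a) > float(w),
}

def severity(cvss):
    """Severity band for a CVSS base score, using the bands stated on the page."""
    if cvss == 0:
        return "Info"
    for limit, name in ((4, "Low"), (7, "Medium"), (10, "High")):
        if cvss < limit:
            return name
    return "Critical"

def apply_filter(findings, rules, match="All"):
    """Keep findings that satisfy all rules (Match All) or at least one (Match Any)."""
    combine = all if match == "All" else any
    return [f for f in findings
            if combine(ARGUMENTS[arg](f[attr], value) for attr, arg, value in rules)]

def hosts(rows):
    return [r["Hostname"] for r in rows]

# Constructed sample findings (not real scan output).
FINDINGS = [
    {"Hostname": "lab-web01", "Port": 443, "Plugin Name": "PHP unsupported version", "CVSS Base Score": 10.0},
    {"Hostname": "lab-db01", "Port": 3306, "Plugin Name": "Database default account", "CVSS Base Score": 7.5},
    {"Hostname": "192.168.1.20", "Port": 80, "Plugin Name": "Web server banner", "CVSS Base Score": 0.0},
    {"Hostname": "192.168.1.21", "Port": 22, "Plugin Name": "SSH weak algorithms", "CVSS Base Score": 2.6},
]
for f in FINDINGS:
    f["Risk Factor"] = severity(f["CVSS Base Score"])

# Two exclusion rules: with Match Any a finding only has to pass one of them,
# so only a finding that fails both (a lab host on port 80) would be dropped.
EXCLUDE = [("Hostname", "does not contain", "lab"), ("Port", "is not equal to", 80)]
# A triage view: Match All narrows the table, Match Any widens it.
TRIAGE = [("CVSS Base Score", "is more than", 4), ("Plugin Name", "contains", "php")]

if __name__ == "__main__":
    for name, rules in (("EXCLUDE", EXCLUDE), ("TRIAGE", TRIAGE)):
        for match in ("All", "Any"):
            print(name, match, hosts(apply_filter(FINDINGS, rules, match)))
```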