Scan Results

You can view scan results to help you understand your organization’s security posture and vulnerabilities. Color-coded indicators and customizable viewing options allow you to customize how you view your scan’s data.

You can view scan results in one of several views:

Page	Description
Dashboard	In Tenable Nessus Manager, the default scan results page shows the Dashboard view.
Scan Summary	View a summary of any completed scan in Tenable Nessus Professional, Nessus Expert, or any non-Tenable Agent scan in Tenable Nessus Manager.
Hosts	The Hosts page shows all scanned targets.
Vulnerabilities	List of identified vulnerabilities, sorted by severity. Tip: To view vulnerabilities by VPR, click in the table header, click Disable Groups, and sort the table by VPR Score.
Compliance	If the scan includes compliance checks, this list shows counts and details sorted by vulnerability severity. If you configure the scan for compliance scanning, the button allows you to navigate between the Compliance and Vulnerability results.
Remediations	If the scan's results include Remediation information, this list shows suggested remediations that address the highest number of vulnerabilities.
Notes	The Notes page shows additional information about the scan and the scan’s results.
History	The History shows a listing of scans: Start Time, End Time, and the Scan Statuses. Notes: Only the scan owner can delete a scan's history. Scan histories are unavailable for imported scans and configured scans that Tenable Nessus has not executed.
Summary (cluster configurations only)	View a scan summary of all agents targeted in your scan configuration, organized by cluster node. The summary table shows a row for each cluster node with the following details: Node — The name of the node. Not Started — The number of agents that have not started scanning. In Progress — The number of agents currently scanning. Completed — The number of agents that finished scanning and sent results to Tenable Nessus. Aborted — The number of agents whose scans aborted. An agent appears as Aborted when it reports to Tenable Nessus that the scan did not complete. The scan may not launch (for example, if the agent cannot download the policy), or it may start but stop early (for example, if the scan window ends, the agent restarts, or another condition prevents completion). Failed — The number of agents whose scans failed. An agent appears as Failed when it receives the scan job, but Tenable Nessus does not receive a completion status from the agent. This state typically occurs if the host goes offline or loses connectivity before the agent can return results. Total — The total number of agents included in the scan job
Summary (Attack Surface Discovery scan template only)	View a summary of your attack surface discovery scan configuration. The summary table shows a row for each scanned domain with the following details: Domain — The scanned domain name. First Complete Pull — The date and time the scanned domain data was, or will be, available. Data Refreshed — The date and time that Bit Discovery last updated the domain data that Tenable Nessus pulls. Bit Discovery refreshes the data that Tenable Nessus pulls every 90 days. Next Data Refresh — The date and time of the next refresh of this domain's data in Bit Discovery. Bit Discovery refreshes the data that Tenable Nessus pulls every 90 days. Ages Out from License — The data and time the domain ages out from your Tenable Nessus license. Record Count — The number of subdomain records generated.
Records (Attack Surface Discovery scan template only)	View a list of the DNS records identified during the last attack surface discovery scan. The list only shows a maximum of 2,500 records across all scanned domains, but you can filter the table and only view certain record types or records from a specific domain. Tenable Nessus provides the following information for each record: Hostname — The record's hostname. IP Address — The IP address related to the record. Ports — The discovered open ports on the scanned IP, if applicable. Type — The DNS record type. Some of the most common record types are: A — Host address AAAA — IPv6 host address CNAME — Canonical name for an alias MX — Mail exchange NS — Name server PTR — Pointer SOA — Start of authority SRV — Location of service TXT — Text Target Hostname — The hostname targeted by the DNS record. This is often the same as the Hostname. The Records page also shows details about the latest attack surface discovery scan: Policy — The scan policy used for the scan (Domain Discovery). Status — The current scan status. Severity Base — The severity base used in the scan (for example, CVSS v3.0). Scanner — The scanner used for the scan. Start — The scan start time and date. End — The scan end time and date. Elapsed — The time elapsed between the Start and End times.