You are here: Features > Scans > Scan Results > Report Filters

Report Filters

Nessus offers a flexible system of filters to assist in displaying specific report results. Filters can be used to display results based on any aspect of the vulnerability findings. When multiple filters are used, more detailed and customized report views can be created.

The first filter type is a simple text string entered into the Filter Vulnerabilities box on the upper right. As you type, Nessus will immediately begin to filter the results based on your text and what it matches in the titles of the findings. The second filter type is more comprehensive and allows you to specify more details. To create this type of filter, begin by clicking on the down arrow on the right side of the Filter Vulnerabilities box. Filters can be created from any report tab. Multiple filters can be created with logic that allows for complex filtering.

A filter is created by selecting the plugin attribute, a filter argument, and a value to filter on. When selecting multiple filters, specify the keyword Any or All accordingly. If All is selected, then only results that match all filters will be displayed:

Option Description

Plugin ID

Filter results if plugin ID is equal to, is not equal to, contains, or does not contain a given string (e.g., 42111).

Plugin Description

Filter results if Plugin Description contains, or does not contain a given string (e.g., remote).

Plugin Name

Filter results if Plugin Name is equal to, is not equal to, contains, or does not contain a given string (e.g., windows).

Plugin Family

Filter results if Plugin Name is equal to or is not equal to one of the designated Nessus plugin families. The possible matches are provided via a drop-down menu.

Plugin Output

Filter results if Plugin Description is equal to, is not equal to, contains, or does not contain a given string (e.g., PHP)

Plugin Type

Filter results if Plugin Type is equal to or is not equal to one of the two types of plugins: local or remote.

Solution

Filter results if the plugin Solution contains or does not contain a given string (e.g., upgrade).

Synopsis

Filter results if the plugin Solution contains or does not contain a given string (e.g., PHP).

Hostname

Filter results if the host is equal to, is not equal to, contains, or does not contain a given string (e.g., 192.168 or lab).

Port

Filter results based on if a port is equal to, is not equal to, contains, or does not contain a given string (e.g., 80).

Protocol

Filter results if a protocol is equal to or is not equal to a given string (e.g., http).

CWE

Filter results based on Common Weakness Enumeration (CWEª) if a CVSS vector is equal to, is not equal to, contains, or does not contain a CWE reference number (e.g., 200).

CPE

Filter results based on if the Common Platform Enumeration (CPE) is equal to, is not equal to, contains, or does not contain a given string (e.g., Solaris).

CVSS Base Score

Filter results based on if a CVSS base score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (e.g., 5)

This filter can be used to select by risk level. The severity ratings are derived from the associated CVSS score, where 0 is Info, less than 4 is Low, less than 7 is Medium, less than 10 is High, and a CVSS score of 10 will be flagged Critical.

CVSS Temporal Score

Filter results based on if a CVSS temporal score is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (e.g., 3.3).

CVSS Temporal Vector

Filter results based on if a CVSS temporal vector is equal to, is not equal to, contains, or does not contain a given string (e.g., E:F).

CVSS Vector

Filter results based on if a CVSS vector is equal to, is not equal to, contains, or does not contain a given string (e.g., AV:N).

Vulnerability Publication Date

Filter results based on if a vulnerability publication date earlier than, later than, on, not on, contains, or does not contain a string (e.g., 01/01/2012). Note: Pressing the button next to the date will bring up a calendar interface for easier date selection.

Patch Publication Date

Filter results based on if a vulnerability patch publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (e.g., 12/01/2011).

Plugin Publication Date

Filter results based on if a Nessus plugin publication date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (e.g., 06/03/2011).

Plugin Modification Date

Filter results based on if a Nessus plugin modification date is less than, is more than, is equal to, is not equal to, contains, or does not contain a string (e.g., 02/14/2010).

CVE

Filter results based on if a CVE reference is equal to, is not equal to, contains, or does not contain a given string (e.g., 2011-0123).

Bugtraq ID

Filter results based on if a Bugtraq ID is equal to, is not equal to, contains, or does not contain a given string (e.g., 51300).

CERT Advisory ID

Filter results based on if a CERT Advisory ID (now called Technical Cyber Security Alert) is equal to, is not equal to, contains, or does not contain a given string (e.g., TA12-010A).

OSVDB ID

Filter results based on if an Open Source Vulnerability Database (OSVDB) ID is equal to, is not equal to, contains, or does not contain a given string (e.g., 78300).

Secunia ID

Filter results based on if a Secunia ID is equal to, is not equal to, contains, or does not contain a given string (e.g., 47650).

Exploit Database ID

Filter results based on if an Exploit Database ID (EBD-ID) reference is equal to, is not equal to, contains, or does not contain a given string (e.g., 18380).

Metasploit Name

Filter results based on if a Metasploit name is equal to, is not equal to, contains, or does not contain a given string (e.g., xslt_password_reset).

Exploited by Malware

Filter results based on if the presence of a vulnerability is exploitable by malware is equal to or is not equal to true or false.

IAVA

Filter results based on if an IAVA reference is equal to, is not equal to, contains, or does not contain a given string (e.g., 2012-A-0008).

IAVB

Filter results based on if an IAVB reference is equal to, is not equal to, contains, or does not contain a given string (e.g., 2012-A-0008).

IAVM Severity

Filter results based on the IAVM severity level (e.g., IV).

IAVT

Filter results based on if an IAVT reference is equal to, is not equal to, contains, or does not contain a given string (e.g., 2012-A-0008).

See Also

Filter results based on if a Nessus plugin see also reference is equal to, is not equal to, contains, or does not contain a given string (e.g., seclists.org).

Risk Factor

Filter results based on the risk factor of the vulnerability (e.g., Low, Medium, High, Critical).

Exploits Available

Filter results based on the vulnerability having a known public exploit.

Exploitability Ease

Filter results based on if the exploitability ease is equal to or is not equal to the following values: Exploits are available, No exploit is required, or No known exploits are available.

Metasploit Exploit Framework

Filter results based on if the presence of a vulnerability in the Metasploit Exploit Framework is equal to or is not equal to true or false.

CANVAS Exploit Framework

Filter results based on if the presence of an exploit in the CANVAS exploit framework is equal to or is not equal to true or false.

CANVAS Package

Filter results based on which CANVAS exploit framework package an exploit exists for. Options include CANVAS, D2ExploitPack, or White_Phosphorus.

CORE Exploit Framework

Filter results based on if the presence of an exploit in the CORE exploit framework is equal to or is not equal to true or false.

Elliot Exploit Framework

Filter results based on if the presence of an exploit in the Elliot exploit framework is equal to or is not equal to true or false.

Elliot Exploit Name

Filter results based on if an Elliot exploit is equal to, is not equal to, contains, or does not contain a given string (e.g., Typo3 FD).

ExploitHub

Filter results based on if the presence of an exploit on the ExploitHub web site is equal to or is not equal to true or false.

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.