TOC & Recently Viewed

Recently Viewed Topics

Vulnerability Analysis Filter Components

For general information about constructing filters, see Filters.

Filter Component Availability Description

Accept Risk

Cumulative View

Display vulnerabilities based on their Accepted Risk workflow status. Available choices include Accepted Risk or Non-Accepted Risk. Choosing both options displays all vulnerabilities regardless of acceptance status.

Address

All

This filter specifies an IPv4 or IPv6 address, range, or CIDR block to limit the viewed vulnerabilities. For example, entering 192.168.10.0/24 and/or 2001:DB8::/32 limits any of the web tools to only show vulnerability data from the selected network(s). Addresses can be comma separated or separate lines.

Application CPE

All

Allows a text string search to match against available CPEs. The filter may be set to search based on a contains, Exact Match, or Regex Filter filter. The Regex Filter is based on PCRE 

Asset

All

This filter displays systems from the chosen asset list. If more than one asset list contains the systems from the primary asset list (i.e., there is an intersect between the asset lists), those asset lists are displayed as well. The operators NOT, OR, and AND may be used to exclude unwanted asset lists from the view.

Audit File

All

This filter displays vulnerabilities detected when a scan was performed using the chosen .audit file.

CCE ID

All

Displays results matching the entered CCE ID.

CVE ID

All

Displays vulnerabilities based on the chosen single CVE ID (e.g., CVE-2010-1128) or multiple CVE IDs separated by commas (e.g., CVE-2011-3348,CVE-2011-3268,CVE-2011-3267).

CVSS Score

All

Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 2 (CVSS v2) score range.

CVSS Vector

All

Filters results based on a search against the CVSS v2 vector information.

Cross Reference

All

Filters results based on a search against the cross reference information in a vulnerability.

DNS Name

All

This filter specifies a DNS name to limit the viewed vulnerabilities. For example, entering host.example.com limits any of the web tools to only show vulnerability data from that DNS name.

Exploit Available

All

If set to yes, displays only vulnerabilities for which a known public exploit exists.

Exploit Frameworks

All

When set, the text option can be equal to or contain the text entered in the option.

IAVM ID

All

Displays vulnerabilities based on the chosen IAVM ID (e.g., 2011-A-0007) or multiple IVAM IDs (e.g., 2011-A-0005,2011-A-0007,2012-A-0004).

MS Bulletin ID

All

Displays vulnerabilities based on the chosen Microsoft Bulletin ID (e.g., MS09-001) or multiple Microsoft Bulletin IDs separated by commas (e.g., MS10-012,MS10-054,MS11-020).

Mitigated

All

Display vulnerabilities that were at one time mitigated, but have been discovered again in a subsequent scan. This option is not used in conjunction with other options unless all options within the selected combination are set (e.g., selecting the Was Mitigated box returns no results if both the Was Mitigated and the Accepted Risk flags are set).

Output Assets

Asset Summary Analysis Tool

This filter displays only the desired asset list systems.

Patch Published

All

Some plugins contain information about when a patch was published for a vulnerability. This filter allows the user to search based on when a vulnerability's patch became available:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Plugin Family

All

This filter chooses a Nessus or NNM plugin family. Only vulnerabilities from that family display.

Plugin ID

All

Type the plugin ID desired or range based on a plugin ID. Available operators are equal to (=), not equal to (!=), greater than or equal (>=) and less than or equal to (<=).

Plugin Modified

All

Tenable plugins contain information about when a plugin was last modified. This filter allows users to search based on when a particular plugin was modified:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Plugin Name

All

Using the Contains option, type all or a portion of the actual plugin name. For example, entering MS08-067 in the plugin name filter displays vulnerabilities using the plugin named MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check). Similarly, entering the string uncredentialed displays a list of vulnerabilities with that string in the plugin name.

Using the Regex Match option regex options may be used to filter on the Plugin Name.

Plugin Published

All

Tenable plugins contain information about when a plugin was first published. This filter allows users to search based on when a particular plugin was created:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Plugin Type

All

Select whether to view all plugin types or passive, active, event, or compliance vulnerabilities.

Port

All

This filter is in two parts. First the equality operator is specified to allow matching vulnerabilities with the same ports, different ports, all ports less than or all ports greater than the port filter. The port filter allows a comma separated list of ports. For the larger than or less than filters, only one port may be used.

Note: All host-based vulnerability checks are reported with a port of 0 (zero).

Protocol

All

This filter provides boxes to select TCP, UDP, or ICMP-based vulnerabilities.

Recast Risk

Cumulative View

Display vulnerabilities based on their Recast Risk workflow status. Available choices include Recast Risk or Non-Recast Risk. Choosing both options displays all vulnerabilities regardless of recast risk status.

Repositories

All

Display vulnerabilities from the chosen repositories.

STIG Severity All This filter maps to the stigseverity column in the plugins database.

Scan Policy

All

This filter chooses a scan policy. Only vulnerabilities from that scan policy display.

Severity

All

Displays vulnerabilities with the selected severity (Info, Low, Medium, High, Critical)

Users

All

Allows selection of one or more users who are responsible for the vulnerabilities.

Vulnerability Discovered

All

SecurityCenter tracks when each vulnerability was first discovered. This filter allows the user to see when vulnerabilities were discovered:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Note: The discovery date is based on when the vulnerability was first imported into SecurityCenter. For NNM, this date does not match the exact vulnerability discovery time as there is normally a lag between the time that NNM discovers a vulnerability and the import occurs.

Note: Days are calculated based on 24-hour periods prior to the current time and not calendar days. For example, if the report run time was 1/8/2012 at 1 PM, using a 3-day count would include vulnerabilities starting 1/5/2012 at 1 PM and not from 12:00 AM.

Vulnerability Last Observed

Cumulative View

This filter allows the user to see when the vulnerability was last observed by Nessus, LCE, or NNM:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Note: The observation date is based on when the vulnerability was most recently imported into SecurityCenter. For NNM, this date does not match the exact vulnerability discovery as there is normally a lag between the time that NNM discovers a vulnerability and the import occurs.

Vulnerability Mitigated

Mitigated View

This filter allows the user to filter results based on when the vulnerability was mitigated:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Vulnerability Published

All

When available, Tenable plugins contain information about when a vulnerability was published. This filter allows users to search based on when a particular vulnerability was published:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Custom Range (during a specific range you specify)

Vulnerability Text

All

Displays vulnerabilities containing the entered text (e.g., php 5.3) or regex search term.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.