Vulnerability Analysis Filter Components
For general information about using filters, see Filters.
| Filter Component | Availability | Description |
|---|---|---|
|
Accept Risk |
Cumulative View |
Displays vulnerabilities based on their Accepted Risk workflow status. Available choices include Accepted Risk or Non-Accepted Risk. Choosing both options displays all vulnerabilities regardless of acceptance status. |
|
Address |
All |
This filter specifies an IPv4 or IPv6 address, range, or CIDR block to limit the viewed vulnerabilities. For example, entering 198.51.100.28/24 and/or 2001:DB8::/32 limits any of the web tools to show vulnerability data from the specified networks. You can enter addresses in a comma-separated list or on separate lines. |
| Agent ID | All |
Displays results matching the specified agent UUID (Tenable UUID). An agent UUID uniquely identifies:
|
|
Application CPE |
All |
Allows a text string search to match against available CPEs. The filter may be set to search based on a contains, Exact Match, or Regex Filter filter. The Regex Filter is based on Perl-compatible regular expressions (PCRE). |
|
Asset |
All |
This filter displays systems from the assets you select. If more than one asset contains the systems from the primary asset (i.e., there is an intersect between the asset lists), those assets are displayed as well. Tip: Use NOT, OR, and AND operators to exclude unwanted assets from the view. |
| Asset Criticality Rating (ACR) | All |
(Requires Tenable Security Center+ license) Filters for vulnerabilities on hosts within the specified ACR range, between 0 and 10. For more information, see Asset Criticality Rating in the Tenable Vulnerability Management User Guide. Tip: To edit the ACR for an asset, see Edit an ACR Manually. |
| Asset Exposure Score (AES) | All |
(Requires Tenable Security Center+ license) Filters for hosts within the specified AES range, between 0 and 1000. For more information, see Asset Exposure Score in the Tenable Vulnerability Management User Guide. |
| AES Severity | All |
(Requires Tenable Security Center+ license) Filters for hosts with the specified AES severity. For more information, see Asset Exposure Score in the Tenable Vulnerability Management User Guide. |
|
Audit File |
All |
Filters vulnerabilities by plugin IDs associated with the audit file used to perform a scan. |
|
CCE ID |
All |
Displays results matching the entered CCE ID. |
|
CVE ID |
All |
Displays vulnerabilities based on one or more CVE IDs. Type multiple IDs as a comma-separated list (e.g., CVE-2011-3348,CVE-2011-3268,CVE-2011-3267). |
|
CVSS v2 Score |
All |
Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 2 (CVSS v2) score range. |
|
CVSS v2 Vector |
All |
Filters results based on a search against the CVSS v2 vector information. |
| CVSS v3 Score | All | Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 3 (CVSS v3) score range. |
| CVSS v3 Vector | All |
Filters results based on a search against the CVSS v3 vector information. |
|
Cross References |
All |
Filters results based on a search against the cross reference information in a vulnerability. |
| Data Format | All | Displays results matching the specified data type: IPv4, IPv6, or Agent. |
|
DNS Name |
All |
This filter specifies a DNS name to limit the viewed vulnerabilities. For example, entering host.example.com limits any of the web tools to only show vulnerability data from that DNS name. |
|
Exploit Available |
All |
If set to yes, displays only vulnerabilities for which a known public exploit exists. |
|
Exploit Frameworks |
All |
When set, the text option can be equal to or contain the text entered in the option. |
|
IAVM ID |
All |
Displays vulnerabilities based on one or more IVAM IDs. Type multiple IDs as a comma-separated list (e.g., 2011-A-0005,2011-A-0007,2012-A-0004). |
|
MS Bulletin ID |
All |
Displays vulnerabilities based on one or more Microsoft Bulletin IDs. Type multiple IDs as a comma-separated list (e.g., MS10-012,MS10-054,MS11-020). |
|
Mitigated |
All |
Displays vulnerabilities for a specific mitigation status:
For more information about mitigation, see Mitigated Vulnerabilities. |
| NetBIOS Name | All |
Displays vulnerabilities that match the specified NetBIOS name. In the drop-down, select Exact Match, Contains, or Regex Match. Regex Match is based on Perl-compatible regular expressions (PCRE). Note: You cannot filter NetBIOS Name by UNKNOWN. The NetBIOS workgroup is labeled UNKNOWN when a workgroup or domain cannot be detected. |
|
Output Assets |
Asset Summary Analysis Tool |
This filter displays only the desired asset list systems. |
|
Patch Published |
All |
Some plugins contain information about when a patch was published for a vulnerability. This filter allows the user to search based on when a vulnerability's patch became available:
|
|
Plugin Family |
All |
This filter chooses a Nessus or Tenable Nessus Network Monitor plugin family. Only vulnerabilities from that family display. |
|
Plugin ID |
All |
Type the plugin ID desired or range based on a plugin ID. Available operators are equal to (=), not equal to (!=), greater than or equal (>=) and less than or equal to (<=). |
|
Plugin Modified |
All |
Tenable plugins contain information about when a plugin was last modified. This filter allows users to search based on when a particular plugin was modified:
|
|
Plugin Name |
All |
Using the Contains option, type all or a portion of the actual plugin name. For example, entering MS08-067 in the plugin name filter displays vulnerabilities using the plugin named MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check). Similarly, entering the string uncredentialed displays a list of vulnerabilities with that string in the plugin name. Use the Regex Match option to filter plugin names based on Perl-compatible regular expressions (PCRE). |
|
Plugin Published |
All |
Tenable plugins contain information about when a plugin was first published. This filter allows users to search based on when a particular plugin was created:
|
|
Plugin Type |
All |
Select whether to view all plugin types or passive, active, event, or compliance vulnerabilities. |
|
Port |
All |
This filter is in two parts. First the equality operator is specified to allow matching vulnerabilities with the same ports, different ports, all ports less than or all ports greater than the port filter. The port filter allows a comma separated list of ports. For the larger than or less than filters, only one port may be used. Note: All host-based vulnerability checks are reported with a port of 0 (zero). |
|
Protocol |
All |
This filter provides boxes to select TCP, UDP, or ICMP-based vulnerabilities. |
|
Recast Risk |
Cumulative View |
Displays vulnerabilities based on their Recast Risk workflow status. Available choices include Recast Risk or Non-Recast Risk. Choosing both options displays all vulnerabilities regardless of recast risk status. |
|
Repositories |
All |
Displays vulnerabilities from the chosen repositories. |
| STIG Severity | All | Displays vulnerabilities with the chosen STIG severity in the plugins database. |
|
Scan Policy Plugins |
All |
Displays vulnerabilities found by the currently enabled plugins in the scan policy. For more information, see The Plugins tab specifies which plugins are used during the policy’s Tenable Nessus scan. You can enable or disable plugins in the plugin family view or in the plugin view for more granular control.. |
|
Severity |
All |
Displays vulnerabilities with the selected severity. For more information, see CVSS vs. VPR. |
|
Users |
All |
Allows selection of one or more users who are responsible for the vulnerabilities. |
| All |
Tenable Security Center tracks when each vulnerability was first discovered. This filter allows you to see when vulnerabilities were discovered:
Note: The discovery date is based on when the vulnerability was first imported into Tenable Security Center. For Tenable Nessus Network Monitor, this date does not match the exact vulnerability discovery time as there is normally a lag between the time that Tenable Nessus Network Monitor discovers a vulnerability and the import occurs. Note: Days are calculated based on 24-hour periods prior to the current time, not calendar days. For example, if the report run time was 1/8/2019 at 1:00 PM, using a 3-day count would include vulnerabilities starting 1/5/2019 at 1:00 PM and not from 12:00 AM. |
|
|
Vulnerability Last Observed |
Cumulative View |
This filter allows the user to see when the vulnerability was last observed by Tenable Nessus, Tenable Log Correlation Engine, or Tenable Nessus Network Monitor:
Note: The observation date is based on when the vulnerability was most recently imported into Tenable Security Center. For Tenable Nessus Network Monitor, this date does not match the exact vulnerability discovery as there is normally a lag between the time that Tenable Nessus Network Monitor discovers a vulnerability and the import occurs. |
|
Vulnerability Mitigated |
Mitigated View |
This filter allows the user to filter results based on when the vulnerability was mitigated:
|
| Vulnerability Priority Rating (VPR) | All |
Displays vulnerabilities within the chosen VPR range. For more information, see CVSS vs. VPR. Tip:The |
|
Vulnerability Published |
All |
When available, Tenable plugins contain information about when a vulnerability was published. This filter allows users to search based on when a particular vulnerability was published:
|
|
Vulnerability Text |
All |
Displays vulnerabilities containing the entered text (e.g., php 5.3) or regex search term. |
|
Web App Scanning |
All |
Required Additional License: Tenable Web App Scanning Required Tenable Nessus Version: 10.6.1 or later Select whether to display web app scan results in the list:
|
|
Web App URL |
All |
Required Additional License: Tenable Web App Scanning Required Tenable Nessus Version: 10.6.1 or later The URL for the discovered web application associated with the vulnerability. |