Vulnerability Analysis Filter Components

For general information about using filters, see Filters.

Filter Component Availability Description

Accept Risk

Cumulative View

Displays vulnerabilities based on their Accepted Risk workflow status. Available choices include Accepted Risk or Non-Accepted Risk. Choosing both options displays all vulnerabilities regardless of acceptance status.

Address

All

This filter specifies an IPv4 or IPv6 address, range, or CIDR block to limit the viewed vulnerabilities. For example, entering 198.51.100.28/24 and/or 2001:DB8::/32 limits any of the web tools to show vulnerability data from the specified networks. You can enter addresses in a comma-separated list or on separate lines.

Agent ID All

Displays results matching the specified agent UUID (Tenable UUID). An agent UUID uniquely identifies:

  • Agent-detected assets that may share a common IP address.
  • OT Security assets that may not have an IP address. For more information, see OT Security Instances.

Application CPE

All

Allows a text string search to match against available CPEs. The filter may be set to search based on a contains, Exact Match, or Regex Filter filter. The Regex Filter is based on Perl-compatible regular expressions (PCRE).

Asset

All

This filter displays systems from the assets you select. If more than one asset contains the systems from the primary asset (i.e., there is an intersect between the asset lists), those assets are displayed as well.

Tip: Use NOT, OR, and AND operators to exclude unwanted assets from the view.

Asset Exposure Score (AES) All

(Requires Tenable Security Center+ license) Filters for hosts within the specified AES range, between 0 and 1000.

For more information, see Asset Exposure Score in the Tenable Vulnerability Management User Guide.

AES Severity All

(Requires Tenable Security Center+ license) Filters for hosts with the specified AES severity.

For more information, see Asset Exposure Score in the Tenable Vulnerability Management User Guide.

Audit File

All

Filters vulnerabilities by plugin IDs associated with the audit file used to perform a scan.

CCE ID

All

Displays results matching the entered CCE ID.

CVE ID

All

Displays vulnerabilities based on one or more CVE IDs. Type multiple IDs as a comma-separated list (e.g., CVE-2011-3348,CVE-2011-3268,CVE-2011-3267).

CVSS v2 Score

All

Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 2 (CVSS v2) score range.

CVSS v2 Vector

All

Filters results based on a search against the CVSS v2 vector information.

CVSS v3 Score All Displays vulnerabilities within the chosen CVSS v3 score range.
CVSS v3 Vector All

Filters results based on a search against the CVSS v3 vector information.

CVSS v4 Score All Displays vulnerabilities within the chosen CVSS v4 score range.
CVSS v4 Supplemental All

Filters results based on a search against the CVSS v4 supplemental information.

CVSS v4 Threat Score All Displays vulnerabilities within the chosen CVSS v4 threat score range.
CVSS v4 Threat Vector All

Filters results based on a search against the CVSS v4 threat vector information.

CVSS v4 Vector All

Filters results based on a search against the CVSS v4 vector information.

Cross References

All

Filters results based on a search against the cross reference information in a vulnerability.

Data Format All Displays results matching the specified data type: IPv4, IPv6, or Agent.

DNS Name

All

This filter specifies a DNS name to limit the viewed vulnerabilities. For example, entering host.example.com limits any of the web tools to only show vulnerability data from that DNS name.

Exploit Prediction Scoring System (EPSS) All Filters results by the EPSS score, which predicts how likely a vulnerability is to be exploited.

Exploit Available

All

If set to yes, displays only vulnerabilities for which a known public exploit exists.

Exploit Frameworks

All

When set, the text option can be equal to or contain the text entered in the option.

IAVM ID

All

Displays vulnerabilities based on one or more IVAM IDs. Type multiple IDs as a comma-separated list (e.g., 2011-A-0005,2011-A-0007,2012-A-0004).

MS Bulletin ID

All

Displays vulnerabilities based on one or more Microsoft Bulletin IDs. Type multiple IDs as a comma-separated list (e.g., MS10-012,MS10-054,MS11-020).

Mitigated

All

Displays vulnerabilities for a specific mitigation status:

  • Previously Mitigated — the vulnerability was previously mitigated but it reappeared in a scan and is currently vulnerable
  • Never Mitigated — the vulnerability is currently vulnerable and has never been mitigated

For more information about mitigation, see Mitigated Vulnerabilities.

Nessus Web Tests All Displays vulnerabilities that are detected by a scan with Nessus Web Tests enabled in the scan policy.
NetBIOS Name All

Displays vulnerabilities that match the specified NetBIOS name.

In the drop-down, select Exact Match, Contains, or Regex Match. Regex Match is based on Perl-compatible regular expressions (PCRE).

Note: You cannot filter NetBIOS Name by UNKNOWN. The NetBIOS workgroup is labeled UNKNOWN when a workgroup or domain cannot be detected.

Output Assets

Asset Summary Analysis Tool

This filter displays only the desired asset list systems.

Patch Published

All

Some plugins contain information about when a patch was published for a vulnerability. This filter allows the user to search based on when a vulnerability's patch became available:

  • None (displays vulnerabilities that do not have a patch available)
  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Family

All

This filter chooses a Nessus or Tenable Nessus Network Monitor plugin family. Only vulnerabilities from that family display.

Plugin ID

All

Type the plugin ID desired or range based on a plugin ID. Available operators are equal to (=), not equal to (!=), greater than or equal (>=) and less than or equal to (<=).

Plugin Modified

All

Tenable plugins contain information about when a plugin was last modified. This filter allows users to search based on when a particular plugin was modified:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Name

All

Using the Contains option, type all or a portion of the actual plugin name. For example, entering MS08-067 in the plugin name filter displays vulnerabilities using the plugin named MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check). Similarly, entering the string uncredentialed displays a list of vulnerabilities with that string in the plugin name.

Use the Regex Match option to filter plugin names based on Perl-compatible regular expressions (PCRE).

Plugin Published

All

Tenable plugins contain information about when a plugin was first published. This filter allows users to search based on when a particular plugin was created:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Type

All

Select whether to view all plugin types or passive, active, event, or compliance vulnerabilities.

Port

All

This filter is in two parts. First the equality operator is specified to allow matching vulnerabilities with the same ports, different ports, all ports less than or all ports greater than the port filter. The port filter allows a comma separated list of ports. For the larger than or less than filters, only one port may be used.

Note: All host-based vulnerability checks are reported with a port of 0 (zero).

Protocol

All

This filter provides boxes to select TCP, UDP, or ICMP-based vulnerabilities.

Recast Risk

Cumulative View

Displays vulnerabilities based on their Recast Risk workflow status. Available choices include Recast Risk or Non-Recast Risk. Choosing both options displays all vulnerabilities regardless of recast risk status.

Repositories

All

Displays vulnerabilities from the chosen repositories.

STIG Severity All Displays vulnerabilities with the chosen STIG severity in the plugins database.
Scan Accuracy All

Displays vulnerabilities that are detected by scans with the chosen scan accuracy:

  • Not Paranoid — the vulnerability was detected by a scan with the scan accuracy set to Not Paranoid in the scan policy.
  • Paranoid — the vulnerability was detected by a scan with the scan accuracy set to Paranoid in the scan policy.

Scan Policy Plugins

All

Displays vulnerabilities found by the currently enabled plugins in the scan policy. For more information, see Plugins Options.

Security End of Life Date All

When available, Tenable plugins contain information about software end of life dates. This filter allows users to search based on when a particular software is end of life:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Severity

All

Displays vulnerabilities with the selected severity. For more information, see CVSS vs. VPR.

Thorough Tests All

Displays vulnerabilities that are detected by scans with Thorough Tests enabled in the scan policy.

Users

All

Allows selection of one or more users who are responsible for the vulnerabilities.

Vulnerability Discovered

All

Tenable Security Center tracks when each vulnerability was first discovered. This filter allows you to see when vulnerabilities were discovered:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Note: The discovery date is based on when the vulnerability was first imported into Tenable Security Center. For Tenable Nessus Network Monitor, this date does not match the exact vulnerability discovery time as there is normally a lag between the time that Tenable Nessus Network Monitor discovers a vulnerability and the import occurs.

Note: Days are calculated based on 24-hour periods prior to the current time, not calendar days. For example, if the report run time was 1/8/2019 at 1:00 PM, using a 3-day count would include vulnerabilities starting 1/5/2019 at 1:00 PM and not from 12:00 AM.

Vulnerability Last Observed

Cumulative View

This filter allows the user to see when the vulnerability was last observed by Tenable Nessus, Tenable Log Correlation Engine, or Tenable Nessus Network Monitor:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Note: The observation date is based on when the vulnerability was most recently imported into Tenable Security Center. For Tenable Nessus Network Monitor, this date does not match the exact vulnerability discovery as there is normally a lag between the time that Tenable Nessus Network Monitor discovers a vulnerability and the import occurs.

Vulnerability Mitigated

Mitigated View

This filter allows the user to filter results based on when the vulnerability was mitigated:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)
Vulnerability Priority Rating (VPR) All

Displays vulnerabilities within the chosen VPR range. For more information, see CVSS vs. VPR.

Tip:The Vulnerabilities page displays vulnerabilities by plugin. The VPR that appears is the highest VPR of all the vulnerabilities associated with that plugin.

Vulnerability Published

All

When available, Tenable plugins contain information about when a vulnerability was published. This filter allows users to search based on when a particular vulnerability was published:

  • All
  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Current Year
  • Last Year
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Vulnerability Text

All

Displays vulnerabilities containing the entered text (e.g., php 5.3) or regex search term.

Web App Scanning

All

Required Additional License: Tenable Web App Scanning

Required Tenable Nessus Version: 10.6.1 or later

Select whether to display web app scan results in the list:

  • Exclude Web App Results - do not display web app scan results in the list of vulnerabilities.

  • Include Web App Results - include web app scan results in the list of vulnerabilities.

  • Only Web App Results - filter the list to display only web app scans results.

Web App URL

All

Required Additional License: Tenable Web App Scanning

Required Tenable Nessus Version: 10.6.1 or later

The URL for the discovered web application associated with the vulnerability.