Web Applications

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Assets workbench, to view only your web application assets, select the Web Applications tile and deselect other tiles. A web application is software that runs in a browser. Examples of web applications are: workplace collaboration apps, ecommerce apps, email apps, and banking apps.

The Web Applications tile contains a table with the following columns. To show or hide columns, see Customize Explore Tables.

Column Description
Asset ID

The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management.

Name

The asset identifier; assigned based on the presence of certain attributes in the following logical order:

  1. Nessus Agent name
  2. Hostname
  3. WebApp hostname
  4. Container Security Image name
  5. Container Runtime hostname
  6. Cloud Common Resource name
  7. Cloud Common Resource identifier
  8. Cloud Runtime name
  9. Cloud IAC name
  10. Active Directory Asset name
  11. Domain Record hostname

If none of the above attributes are present, then FQDN is selected as the name for the asset.

AES

The Asset Exposure Score of the asset.

ACR

The Asset Criticality Rating of the asset.

Licensed

Indicates if the asset is licensed within Tenable Vulnerability Management. For more information, see Tenable Vulnerability Management Licenses.

SSL/TLS

Specifies whether the application on which the asset is hosted uses SSL/TLS public-key encryption.

IPV4 Address

The IPv4 address for the affected asset.

Operating System

The operating system installed on the asset.

First Seen

The date and time when a scan first identified the asset.

Last Seen

The date when a scan last found the vulnerability on an asset.

Last Licensed Scan

The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on licensed assets, see Tenable Vulnerability Management Licenses.

Last Authenticated Scan

The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field.

Public

Specifies whether the asset is available on a public network.

Note: A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace.

Source

The source of the scan that identified the asset.

Tags

Tags applied to the asset.

Created Date

The date and time when Tenable Vulnerability Management created the asset record.

Updated Date

The date and time when Tenable Vulnerability Management last updated the asset record.

Actions

In this column, click the button to view a drop-down where you can:

  • Export — Export to CSV or JSON, as described in Export from Explore Tables.

  • Add Tags — Add new tags. In the dialog that appears, choose a Category and Value, as described in Tags.

  • Remove Tags — Remove existing tags. In the dialog that appears, click a tag and click Remove.

  • View All Details — View complete details for a finding, as described in View Finding Details.

  • Delete — Permanently delete an asset, as described in Delete Assets.