CSV Vulnerability Export Fields
The following feature is only available in Tenable FedRAMP Moderate environments.
Each line in the .csv file is composed of the fields described in the following table. On the Vulnerabilities page, you can export vulnerabilities as a .csv file.
| Field | Description |
|---|---|
| Asset UUID | The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management. |
|
CVE |
The Common Vulnerability and Exposure (CVE) ID for the plugin that identified the vulnerability. |
| CVSS | The severity of the vulnerability. |
| CVSS Base Score | The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| CVSS Temporal Score | The CVSSv2 temporal score (characteristics of a vulnerability that change over time but not among user environments). |
| CVSS Temporal Vector | CVSSv2 temporal metrics for the vulnerability. |
| CVSS Vector | More CVSSv2 metrics for the vulnerability. |
| CVSS3 Base Score | The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). |
| CVSS3 Temporal Score | The CVSSv3 temporal score (characteristics of a vulnerability that change over time but not among user environments). |
| CVSS3 Temporal Vector | CVSSv3 temporal metrics for the vulnerability. |
| CVSS3 Vector | More CVSSv3 metrics for the vulnerability. |
| Description | The description of the plugin used to detect the vulnerability. |
| FQDN | The fully qualified domain name of the host that the vulnerability was detected on. |
| Host | The hostname of the asset where a scan found the vulnerability. |
| Host End | The UNIX timestamp for when the scan completed. |
| Host Start | The UNIX timestamp for when the scan began. |
| IP Address | The hostname of the asset where a scan found the vulnerability. |
| MAC Address | The MAC address of the host where a scan found the vulnerability. |
| Name | The name of the plugin that detected the vulnerability. |
| NetBios | The NetBios name of the host where a scan found the vulnerability. |
| OS | The operating system of the host where a scan found the vulnerability. |
| Plugin Family | The plugin family of the exported vulnerabilities. |
| Plugin ID | The ID of the plugin that identified the vulnerability. |
| Plugin Output | The text output of the plugin that identified the vulnerability. |
| Port | Information about the port the scanner used to connect to the asset where the scan found the vulnerability. |
| Protocol | The protocol the scanner used to communicate with the asset where the scan found the vulnerability. |
| Risk | The CVSS-based risk factor associated with the plugin. |
| See Also | Links to external websites that contain helpful information about the vulnerability. |
| Solution | Remediation information for the vulnerability. |
| Synopsis | Brief description of the plugin or vulnerability. |
| System Type | Device type. |
| Vulnerability Priority Rating (VPR) | The VPR that Tenable calculates for the vulnerability. For more information, see Risk Metrics. |
| Vulnerability State | The state of the vulnerability. For more information, see Vulnerability States. |