View Recommended Actions

The following feature is not supported in Tenable.io Federal Risk and Authorization Management Program (FedRAMP) environments.

Required Additional License: Tenable Lumin

Required Tenable.io Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Tenable provides a list of top 20 recommended actions (solutions) for assets on your network, regardless of your access group permissions. You can identify solutions, then drill into the solution details to understand the steps to address the vulnerability on your network.

Addressing vulnerabilities on your network lowers your CES and AES metrics.

To view the top 20 recommended solutions for all assets on your network:

  1. Navigate to the new Tenable.io interface, as described in Access the New Interface.

  2. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  3. In the left navigation plane, click Lumin.

    The Lumin dashboard appears.

  4. In the Reduce Cyber Exposure Score widget, click See Top Recommended Actions.

    The Lumin Recommended Actions page appears. The table sorts your top solutions (up to 20) by VPR category (Critical to Low) and then by decreasing Assets Affected.

  5. (Optional) To change the tag filter applied to the page, in the upper left corner, select a tag from the drop-down list.

    Lumin filters the page by the tag you selected.

Section Action
Summary bar

View summary statistics about the expected impact if you address all of the solutions in the Recommended Actions table.

  • Expected CES reduction if you resolve all of the top solutions.
  • Number of vulnerability instances eliminated by the top solutions.

    Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

  • Number of assets affected by the top solutions.
Recommended Actions table
  • View information about each solution.
    • Solution — A description for the solution.
    • Licensed Assets — The total number of assets affected by the vulnerabilities addressed by the solution.
    • CVEs — The total number of individual CVEs addressed by the solution.
    • CVE Instances — The number of CVE instances addressed by the solution.

    • Exploit Code Maturity — The key driver value for the highest VPR for the vulnerabilities addressed by the solution.
    • VPR — The highest VPR for the vulnerabilities addressed by the solution.
    • CVSS — The highest CVSSv2 score (or CVSSv3 score, when available) for the vulnerabilities addressed by the solution.
  • To view details for a solution, click a solution row.

    The Solution Details page appears. For more information, see View Solution Details.

  • To export solution data, see Export Recommended Actions.
  • To download previously exported solution data, see View and Download Exported Recommended Actions.