Cloud Misconfiguration Details

On the Findings page, you can click a cloud vulnerability finding to view basic details about the finding in the preview panel. You can view more details about the finding on the Cloud Misconfiguration Details page.

Note: Tenable.io retains findings data for only 15 months.

The following tables describe the information that appears in each option:

Preview Panel

The preview panel shows the following details about the cloud vulnerability finding:

Section Description
Left section
Header The name of the plugin that identified the vulnerability.
Cloud Resource Attributes

Information about the affected resource, including:

  • Asset ID — The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable.io.

  • Types — The types of assets affected, determined by plugin data.

  • IaC Resource Type — The Infrastructure as Code (IAC) resource type of the asset.

  • Resource Type — The types of assets affected, determined by plugin data.
  • Resource Category — The types of assets affected, determined by plugin data.
  • Project — The cloud project associated with the findings and affected asset.

  • Region — The cloud region on which the asset resides.

  • Has Drift — Indicates whether the asset has any drifts. For more information, see Set up Drift Analysis in the Tenable.cs User Guide.

  • Is Mapped — Indicates whether the asset is mapped. For more information, see Cloud Scan Workflow in the Tenable.cs User Guide.

  • Cloud Provider — The name of the cloud provider that hosts the asset.

  • Resource ID — The resource ID of the finding.

  • Real — Indicates whether the affected asset exists in a cloud environment.

  • ARN — The unique Amazon resource name for the asset in AWS.

  • Resource Name — The name of the asset where the scanner detected the vulnerability. Tenable.io assigns this identifier based on the presence of certain asset attributes in the following order:

    • Agent Name (if agent-scanned)
    • NetBIOS Name
    • FQDN
    • IPv6 address
    • IPv4 address

    For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Resource Name.

Additional Information Vulnerabilities — The number of vulnerabilities the policy detected during the scan.
Asset Scan Information

Information about the scan that detected the vulnerability, including:

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Seen — The date when a scan last found the vulnerability on an asset.

  • Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on licensed assets, see Vulnerability Management Licenses.

  • Source — The source of the scan that detected the vulnerability on the affected asset.

Right section
Cloud Misconfiguration Information

Information about the vulnerability finding, including:

  • Policy Group Name — The name of the policy group associated with the finding.

  • Policy Name — The name of the cloud policy associated with the affected asset.

  • Benchmark — The benchmark associated with the finding.

  • Policy Category — The policy category associated with the finding.

  • IaC Resource Type — The Infrastructure as Code (IAC) resource type of the asset.

  • Managed By — The name of the person, group, or company, that manages the affected asset.

  • Policy Type — The type of cloud policy associated with the finding.

  • Rule Reference ID — The type of cloud policy associated with the finding.

  • Version — The version associated with the finding.

  • Project — The cloud project associated with the findings and affected asset.

  • Policy Group ID — The type of policy group ID associated with the finding.

  • Rule ID — The rule ID associated with the finding.

  • Environment ID — The environment ID associated with the finding.

  • Severity — The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.

  • Result — The result of the finding.

  • Ignored — Indicates whether Tenable.io ignored the policy violation when calculating the finding's severity.

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Seen — The date when a scan last found the vulnerability on an asset.

Cloud Misconfiguration Details Page

The Cloud Misconfiguration Details page shows the following details about the cloud finding:

Section Description
Top section
Policy Group Name

The name of the cloud policy group associated with the affect asset.

Policy Name

The name of the cloud policy associated with the affect asset.

Solution

A brief summary of how you can remediate the vulnerability. This section appears only if an official solution is available.

See Also Links to external websites that contain helpful information about the vulnerability.
Lower section
Cloud Resource Attributes

Information about the affected asset, including:

  • Asset ID — The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable.io.

  • Resource Name — The asset identifier.

  • Types — The types of assets affected, determined by plugin data.

  • IaC Resource Type — The Infrastructure as Code (IAC) resource type of the asset.

  • Resource Type — The types of resources affected, determined by plugin data.

  • Has Drift — Indicates whether the asset has any drifts. For more information, see Set up Drift Analysis in the Tenable.cs User Guide.

  • Is Mapped — Indicates whether the asset is mapped. For more information, see Cloud Scan Workflow in the Tenable.cs User Guide.

  • Is Real — Indicates whether the affected asset exists in a cloud environment.
  • Cloud Provider — The name of the cloud provider that hosts the resource.

  • Resource ID — The resource ID of the resource.

  • Resource Name — The name of the resource

Additional Information Additional information about the vulnerability finding.
Asset Scan Information

Information about the scan that detected the vulnerability, including:

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Seen — The date when a scan last found the vulnerability on an asset.

  • Last Licensed Scan — The date when the scanner last ran a credentialed scan on the affected asset.

  • Source — The source of the scan that detected the vulnerability on the affected asset.

Tags

Tags assigned to the affected asset.

Right section

Cloud Misconfiguration Information

Information about the vulnerability finding, including:

  • Finding ID — The unique ID for the individual finding.

    Note: You can view the ID for a finding by accessing the Findings Details page for the findings and checking the page URL. The finding ID is the alphanumeric text that appears in the path between details and asset.

  • Severity — A descriptive icon that indicated the severity of the vulnerability.

  • Result — The result of the finding.

  • Benchmark — The benchmark associated with the finding.

  • Policy Category — The policy category associated with the finding.

  • IaC Type — The Infrastructure as Code (IAC) resource type of the asset.

  • Managed By — The name of the person, group, or company, that manages the affected asset.

  • Policy Type — The type of cloud policy associated with the finding.

  • Rule Reference ID — The reference ID for the security rule for which the scanner found a violation.

  • Version — The version associated with the finding.

  • Project — The cloud project associated with the findings and affected asset.

  • Exists in IAC — Indicates whether the affected asset was created via Infrastructure as Code (IaC).

  • Exists in Cloud — Indicates whether the affected asset exists in a cloud environment.

  • Ignored — Indicates whether Tenable.cs ignored the policy violation when determining the finding severity.

  • Policy ID — The unique ID for the cloud policy associated with the affected asset.

Cloud Misconfiguration Discovery

Information about when Tenable.io first discovered the vulnerability, including:

  • First Seen — The date when Tenable.io first scanned the affected asset.

  • Last Seen — The date when Tenable.iolast scanned the affected asset.