Group Your Findings

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Findings workbench, you can group your findings by specific attributes. You can group host vulnerabilities, cloud misconfigurations, and web application findings, but you cannot group host audit findings.

To group your vulnerability findings:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, in the Explore section, click Findings.

    The Findings page appears, showing a table that lists your findings. By default, the Vulnerabilities tab is active.

  3. Do one of the following:

    1. At the top of the Findings table, next to Group By, click one of the following attributes:

      • Asset — The name of the asset where a scan identified a vulnerability.

      • Plugin — The name of the plugin that identified a vulnerability.

      The Findings table displays your findings grouped by the selected attribute.

    2. View the following details about your grouped findings. These vary depending on the attribute you select:

      Column Description
      Asset
      Asset Name

      The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
      Asset Tags Asset tags for the affected asset. Hover over the first tag to view any additional tags.
      Last Seen The date and time when a scan last found the vulnerability on the asset.
      Asset IP The IPv4 or IPv6 address associated with the asset record.
      Vulnerabilities A descriptive image that indicates vulnerability percentages by CVSS-based severity for each set of grouped findings. For more information, see CVSS vs. VPR.
      Vuln Count The number of vulnerabilities that Tenable Vulnerability Management identified on each set of grouped findings.
      Critical The number of vulnerabilities with a critical CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR.
      High The number of vulnerabilities with a high CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR.
      Plugin
      Severity The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR.
      Name

      The name of the plugin that identified the vulnerability.
      Family The family of the plugin that identified the vulnerability.
      Plugin ID

      The ID of the plugin that identified the vulnerability.
      Vuln Count The number of vulnerabilities that Tenable Vulnerability Management identified on each set of grouped findings.

    1. At the top of the Findings table, next to Group By, click one of the following attributes:

      • Policy — The cloud policy associated with the affected asset.

        Policy Group — The unique ID for the cloud policy associated with the affected asset.

      • Resource Type — The name of the cloud resource type (for example, a resource group or virtual machine).

      The Findings table displays your findings grouped by the selected attribute.

    2. View the following details about your grouped findings. These vary depending on the attribute you select:

      Column Description
      Policy
      Policy Name The name of the policy associated with the affected asset.
      Severity The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.
      Source

      The source of the policy. Possible values are:

      • Cloud

      • IaC (Infrastructure as Code)
      Last Seen The last date the vulnerability was identified in a scan.
      Count of Impacted Resources The number of cloud resources the vulnerability impacts.
      Policy Group  
      Policy ID

      The unique ID for the cloud policy associated with the affected asset.

      Severity The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.
      Policy Group The group associated with the security policy that governs the affected asset.
      Exists in Cloud Indicates whether the affected cloud resource exists in a cloud environment.
      Exists in IAC Indicates whether the affected asset was created via Infrastructure as Code (IaC).
      Count of Impacted Resources The number of cloud resources the vulnerability impacts.
      Misconfiguration Count The number of misconfigurations that Tenable Vulnerability Management identified on each set of grouped findings.
      Resource Type
      Resource Type The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR.
      Count of Affected Resources

      The number of cloud resources the vulnerability affects.

      Count of Immutable Drift

      The number of discrepancies between the running cloud environment on which the affected resource runs and the Infrastructure as Code (IaC) that was used to deploy it.
      Misconfiguration Count The number of misconfigurations that Tenable Vulnerability Management identified on each set of grouped findings.

    1. At the top of the Findings table, next to Group By, click one of the following attributes:

      • Asset — The unique name for the web application associated with the affected asset.

      • Plugin — The ID of the web application resource type (for example, a resource group or virtual machine).

      The web application findings table appears with your findings grouped by the selected attribute.

    2. View the following details about your grouped findings. These vary depending on the attribute you select:

      Column Description
      Asset
      Asset Name

      The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.

      Vulnerabilities A descriptive image that indicates vulnerability percentages by CVSS-based severity for each set of grouped findings. For more information, see CVSS vs. VPR.
      Critical The number of vulnerabilities with a critical CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR.
      High The number of vulnerabilities with a high CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR.
      Vuln Count The number of vulnerabilities that Tenable Vulnerability Management identified on each set of grouped findings.
      Last Seen The date and time when a scan last found the vulnerability on the asset.
      Actions The actions you can perform with each set of grouped findings.
      Plugin
      Severity The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR.
      Name

      The name of the plugin that identified the vulnerability.

      Family

      The family of the plugin that identified the vulnerability.
      CVSSv2 Base Score

      The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).

      Note: Based on your severity metric settings, this parameter may display CVSSv3 base scores. For more information, see General Settings.
      Plugin ID The ID of the plugin that identified the vulnerability.
      Asset Count The number of assets that Tenable Vulnerability Management identified on each set of grouped findings.
      Vuln Count The number of vulnerabilities that Tenable Vulnerability Management identified on each set of grouped findings.
      Actions The actions you can perform with each set of grouped findings.