Group Your Findings
Required Tenable.io Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator
On the Findings page, you can group your vulnerability findings by specific attributes.
Note: When using the Group By feature, you can only export up to five findings at one time.
To group your vulnerability findings:
-
In the upper-left corner, click the
button. The left navigation plane appears.
-
In the left navigation plane, in the Explore section, click Findings.
The Findings page appears, showing a table that lists your findings. By default, the Vulnerabilities tab is active.
-
(Optional) To analyze web application vulnerability findings, click the Web Application Findings tab.
-
Do one of the following:
To group your host vulnerability findings:
Note: To optimize performance, Tenable limits the number of filters you can apply to any Explore > Findings or Assets views (including Group By tables) to seven.
-
At the top of the Host Vulnerabilities table, next to Group By, click one of the following attributes by which to group your findings.
Note: By default, the None group by setting is active, so your findings display ungrouped.
-
Asset — The name of the asset where a scan identified a vulnerability.
-
Plugin — The name of the plugin that identified a vulnerability.
The host vulnerabilities table appears with your findings grouped by the selected attribute.
-
-
(Optional) View the following details about your grouped findings.
Note: The details that appear in the table vary based on the attribute you select to group your findings.
Column Description Asset Asset Name The name of the asset where a scan detected the vulnerability. This value is unique to Tenable.io.
Last Seen The date and time when a scan last found the vulnerability on the asset. Asset IP The IPv4 or IPv6 address associated with the asset record. Vulnerabilities A descriptive image that indicates vulnerability percentages by CVSS-based severity for each set of grouped findings. For more information, see CVSS vs. VPR. Vuln Count The number of vulnerabilities that Tenable.io identified on each set of grouped findings. Critical The number of vulnerabilities with a critical CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR. High The number of vulnerabilities with a high CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR. Actions The actions you can perform with each set of grouped findings. Plugin Severity The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR. Name The name of the plugin that identified the vulnerability.
Family The family of the plugin that identified the vulnerability. Plugin ID The ID of the plugin that identified the vulnerability.
Vuln Count The number of vulnerabilities that Tenable.io identified on each set of grouped findings. Actions The actions you can perform with each set of grouped findings.
To group your cloud misconfiguration findings:
Note: To optimize performance, Tenable limits the number of filters you can apply to any Explore > Findings or Assets views (including Group By tables) to seven.
-
At the top of the Cloud Findings table, next to Group By, click one of the following attributes by which to group your findings.
Note: By default, the None group by setting is active, so your findings display ungrouped.
-
Policy Group — The unique ID for the cloud policy associated with the affected asset.
-
Resource Type — The name of the cloud resource type (for example, a resource group or virtual machine).
The cloud findings table appears with your findings grouped by the selected attribute.
-
-
(Optional) View the following details about your grouped findings.
Note: The details that appear in the table vary based on the attribute you select to group your findings.
Column Description Policy Group Policy ID The unique ID for the cloud policy associated with the affected asset.
Severity The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. Policy Group The group associated with the security policy that governs the affected asset. Exists in Cloud Indicates whether the affected cloud resource exists in a cloud environment. Exists in IAC Indicates whether the affected asset was created via Infrastructure as Code (IaC). Count of Impacted Resources The number of cloud resources the vulnerability impacts. Misconfiguration Count The number of misconfigurations that Tenable.io identified on each set of grouped findings. Resource Type Resource Type The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR. Count of Affected Resources The number of cloud resources the vulnerability affects.
Count of Immutable Drift The number of discrepancies between the running cloud environment on which the affected resource runs and the Infrastructure as Code (IaC) that was used to deploy it.
Misconfiguration Count The number of misconfigurations that Tenable.io identified on each set of grouped findings.
To group your web application findings:
Note: To optimize performance, Tenable limits the number of filters you can apply to any Explore > Findings or Assets views (including Group By tables) to seven.
-
At the top of the Web Application Findings table, next to Group By, click one of the following attributes by which to group your findings.
Note: By default, the None group by setting is active, so your findings display ungrouped.
-
Asset — The unique name for the web application associated with the affected asset.
-
Plugin — The ID of the web application resource type (for example, a resource group or virtual machine).
The web application findings table appears with your findings grouped by the selected attribute.
-
-
(Optional) View the following details about your grouped findings.
Note: The details that appear in the table vary based on the attribute you select to group your findings.
Column Description Asset Asset Name The name of the asset where a scan detected the vulnerability. This value is unique to Tenable.io.
Vulnerabilities A descriptive image that indicates vulnerability percentages by CVSS-based severity for each set of grouped findings. For more information, see CVSS vs. VPR. Critical The number of vulnerabilities with a critical CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR.. High The number of vulnerabilities with a high CVSS-based severity rating on each set of grouped findings. For more information, see CVSS vs. VPR. Vuln Count The number of vulnerabilities that Tenable.io identified on each set of grouped findings. Last Seen The date and time when a scan last found the vulnerability on the asset. Actions The actions you can perform with each set of grouped findings. Plugin Severity The CVSS-based severity score identified on each set of grouped findings. For more information, see CVSS vs. VPR. Name The name of the plugin that identified the vulnerability.
Family The family of the plugin that identified the vulnerability.
CVSSv2 Base Score The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
Note: Based on your severity metric settings, this parameter may display CVSSv3 base scores. For more information, see General Settings.
Plugin ID The ID of the plugin that identified the vulnerability. Asset Count The number of assets that Tenable.io identified on each set of grouped findings. Vuln Count The number of vulnerabilities that Tenable.io identified on each set of grouped findings. Actions The actions you can perform with each set of grouped findings.
-
-
(Optional) Refine the table data. For more information, see Tenable.io Tables.
-
(Optional) To group by another attribute, next to Group By, click another attribute.
The table shows your findings grouped by the new attribute.
-
(Optional) To remove grouping, next to Group By, click None.
The table shows your findings without grouping.