CSV Asset Export Fields

Each line in the .csv file is composed of the fields described in the following table. On the Assets page, you can export assets as a .csv file.

Field Description
ACR Drivers

(Requires Lumin license) The key drivers Tenable used to calculate the ACR for this asset.

ACR Score

(Requires Lumin license)The asset's ACR.

Agent Name

The name of the Nessus agent that scanned and identified the asset.

AWS Availability Zone

The name of the Availability Zone where AWS hosts the virtual machine instance. For more information, see Regions and Availability Zones in the AWS documentation.

AWS EC2 Instance AMI ID

The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation.

AWS EC2 Instance Group Name

The virtual machine instance's group in AWS.

AWS EC2 Instance ID

The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation.

AWS EC2 Instance State Name

The state of the virtual machine instance in AWS at the time of the scan. For possible values, see API Instance State in the Amazon Elastic Compute Cloud Documentation.

AWS EC2 Instance Type

The type of virtual machine instance in Amazon EC2. Amazon EC2 instance types dictate the specifications of the instance (for example, how much RAM it has). For a list of possible values, see Amazon EC2 Instance Types in the AWS documentation.

AWS EC2 Name

The name of the virtual machine instance in Amazon EC2.

AWS EC2 Product Code

The product code associated with the AMI used to launch the virtual machine instance in Amazon EC2.

AWS Owner ID

A UUID for the Amazon AWS account that created the virtual machine instance. For more information, see AWS Account Identifiers in the AWS documentation.

This attribute contains a value for Amazon EC2 instances only. For other asset types, this attribute is empty.

AWS Region

The region where AWS hosts the virtual machine instance, for example, us-east-1. For more information, see Regions and Availability Zones in the AWS documentation.

AWS Subnet ID

The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan.

AWS VPC ID

The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide.

Azure VM ID

The unique identifier of the Microsoft Azure virtual machine instance. For more information, see Accessing and Using Azure VM Unique ID in the Microsoft Azure documentation.

BigFix Asset ID

The unique identifiers of the asset in IBM BigFix. For more information, see the IBM BigFix documentation.

BIOS UUID

The BIOS UUID of the asset.

Created At

The time and date when Tenable.io created the asset record.

Deleted At

The time and date when a user deleted the asset record. When a user deletes an asset record, Tenable.io retains the record until the asset ages out of the license count.

Deleted By

The user who deleted the asset record.

Exposure Score

The Asset Exposure Score (AES) calculated for the asset.

First Scan Time

The time and date of the first scan run against the asset.

First Seen

The date and time when a scan first identified the asset.

FQDN

The fully-qualified domain name of the host that the vulnerability was detected on.

GCP Instance ID

The unique identifier of the virtual machine instance in Google Cloud Platform (GCP).

GCP Project ID

The customized name of the project to which the virtual machine instance belongs in GCP. For more information, see Creating and Managing Projects in the GCP documentation.

GCP Zone

The zone where the virtual machine instance runs in GCP. For more information, see Regions and Zones in the GCP documentation.

Has Agent

Specifies whether a Nessus agent scan identified the asset.

Has Plugin Results

Specifies whether the asset has plugin results associated with it.

Hostname

The hostname of the asset.

id

The UUID of the asset in Tenable.io.

Installed Software

A list of Common Platform Enumeration (CPE) values that represent software applications a scan identified as present on an asset. This field supports the CPE 2.2 format. For more information, see the Component Syntax section of the CPE Specification documentation, Version 2.2. For assets identified in Tenable scans, this field contains data only if a scan using Nessus Plugin ID 45590 has evaluated the asset.

Note: If no scan detects an application within 30 days of the scan that originally detected the application, Tenable.io considers the detection of that application expired. As a result, the next time a scan evaluates the asset, Tenable.io removes the expired application from the Installed Software attribute. This activity is logged as a remove type of attribute change in the asset activity log.

Interfaces

The network interfaces that scans identified on the asset.

IPv4

An IPv4 address for the asset.

IPv6

An IPv6 address for the asset.

Last Authenticated

The time and date of the last credentialed scan run on the asset.

Last Licensed Scan Date

The time and date of the last scan that identified the asset as licensed. For more information about licensed assets, see Vulnerability Management Licenses.

Last Scan Target

The FQDN, IPv4 address, or IPv6 address that the scanner last used to target the asset.

Last Scan Time

The time and date of the last scan run against the asset.

Last Seen

The date and time of the scan that most recently identified the asset.

MAC Address

A MAC address that a scan has associated with the asset record.

Manufacturer TPM ID

The manufacturer's unique identifiers of the Trusted Platform Module (TPM) associated with the asset.

McAfee Epo Agent Guid

The unique identifier of the McAfee ePO agent that identified the asset. For more information, see the McAfee documentation.

McAfee EpoGuid

The unique identifier of the asset in McAfee ePolicy Orchestrator (ePO). For more information, see the McAfee documentation.

Mitigations (Requires Lumin license) The mitigations that scans have identified as present on the asset. Lumin defines mitigations as endpoint protection agents, which include antivirus software, Endpoint Protection Platforms (EPPs), or Endpoint Detection and Response (EDR) solutions
NetBIOS Name

The NetBIOS name for the asset.

Network Id

The ID of the network object associated with scanners that identified the asset. The default network ID is 00000000-0000-0000-0000-000000000000. For more information about networks, see Networks.

Operating System

The operating system that a scan identified as installed on the asset.

Qualys Asset ID

The Asset ID of the asset in Qualys. For more information, see the Qualys documentation

This field contains a value only for assets associated with Qualys vulnerabilities you import via the Tenable.io API. For more information, see the Tenable Developer Portal.

Qualys Host ID

The Host ID of the asset in Qualys. For more information, see the Qualys documentation.

This field contains a value only for assets associated with Qualys vulnerabilities you import via the Tenable.io API. For more information, see Tenable Developer Portal.

Scan Frequency

The number of times the asset was scanned within the past 90 days.

ServiceNow Sys ID

The unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation.

Sources

The source of the scan that identified the asset. Possible values are:

  • Agent (Nessus Agent)
  • Nessus (Nessus scan)
  • PVS/NNM (Nessus Network Monitor)
  • WAS (Web Application Scanning)
  • AWS Connector
  • Azure Connector
  • GCP Connector
  • Qualys Connector
SSH Fingerprint

The SSH key fingerprints that scans have associated with the asset record.

Symantec EP Hardware Key

The hardware keys for the asset in Symantec Endpoint Protection.

System Type

The system types as reported by Plugin ID 54615. For more information, see Tenable Plugins.

Tags

Category tags assigned to the asset in Tenable.io. For more information, see Tags.

Tenable UUID

The UUID of the agent present on the asset. This attribute is empty if no agent is present on the asset.

Terminated At

The time and date when a user terminated the virtual machine instance of the asset (for example, in AWS).

Terminated By

The user who terminated the virtual machine instance of the asset.

Updated At

The time and date when the asset record was last updated.