Access Group Rule Filters
Tenable is retiring access groups. Moving forward, Tenable recommends that you use permissions to manage user and group access to resources on your Tenable Vulnerability Management instance and that you convert your existing access groups into permission configurations. For more information, see Transition to Permission Configurations.
You can use the filters described in the following sections to create rules for access groups. For more information, see:
The last two columns in the following table indicate whether you can use the filter with the Manage Assets or Scan Targets group type.
| Filter | Description | Manage Assets | Scan Targets |
|---|---|---|---|
| AWS Account ID | The canonical user identifier for the Amazon Web Services (AWS) account associated with the asset. For more information, see "AWS Account Identifiers" in the AWS documentation. | yes | no |
| AWS Availability Zone | The name of the Availability Zone where AWS hosts the virtual machine instance. For more information, see "Regions and Availability Zones" in the AWS documentation. | yes | no |
| AWS EC2 AMI ID | The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation. | yes | no |
| AWS EC2 Instance ID | The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation. | yes | no |
| AWS EC2 Name | The name of the virtual machine instance in Amazon EC2. | yes | no |
| AWS EC2 Product Code | The product code associated with the AMI used to launch the virtual machine instance in Amazon EC2. | yes | no |
| AWS Region | The region where AWS hosts the virtual machine instance, for example, 'us-east-1'. For more information, see "Regions and Availability Zones" in the AWS documentation. | yes | no |
| AWS Security Group | The security group to which you have assigned the virtual machine instance in Amazon EC2. For more information, see Security Groups in the Amazon Virtual Private Cloud User Guide. | yes | no |
| AWS Subnet ID | The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan. | yes | no |
| AWS VPC ID | The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide. | yes | no |
| Azure Resource ID | The unique identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager Documentation. | yes | no |
| Azure VM ID | The unique identifier of the Microsoft Azure virtual machine instance. For more information, see "Accessing and Using Azure VM Unique ID" in the Microsoft Azure documentation. | yes | no |
| FQDN/Hostname |
One of the following:
|
yes | yes |
| Google Cloud Instance ID | The unique identifier of the virtual machine instance in Google Cloud Platform (GCP). | yes | no |
| Google Cloud Project ID | The customized name of the project to which the virtual machine instance belongs in GCP. For more information, see "Creating and Managing Projects" in the GCP documentation. | yes | no |
| Google Cloud Zone | The zone where the virtual machine instance runs in GCP. For more information, see "Regions and Zones" in the GCP documentation. | yes | no |
| IPv4 Address | An IPv4 address for the asset. For this filter, you can use CIDR notation (e.g., 192.168.0.0/24), a range (e.g., 192.168.0.1-192.168.0.255), or a comma-separated list (e.g., 192.168.0.0, 192.168.0.1). | yes | yes |
| IPv6 Address | An IPv6 address for the asset. | no | yes |
| MAC Address | The MAC address of the asset. | yes | no |
| NetBIOS Name | The NetBIOS name for the asset. | yes | no |
| Network Name | The name of the network to which the asset belongs. | yes | no |
| Operating System | The operating system installed on the asset. | yes | no |
| Qualys Asset ID | The Asset ID of the asset in Qualys. For more information, see the Qualys documentation. | yes | no |
| Qualys Host ID | The Host ID of the asset in Qualys. For more information, see the Qualys documentation. | yes | no |
| ServiceNow Sys ID | The unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation. | yes | no |
Guidelines for Tenable-provided Filters
- When configuring rules for Scan Targets access groups, the asset attribute type must match the target format used in the related scan. For example, if a Scan Targets access group rule filters on the FQDN/Hostname attribute, the related scan succeeds if the scan target is specified in FQDN or hostname format, but fails if the scan target is specified in IPv4 address format.
In Tenable Vulnerability Management, tags allow you to add descriptive metadata to assets that helps you group assets by business context. For more information, see Tags.
You can use the tags you create to assign assets to Manage Assets access groups.
To add a tag filter to a rule:
- In the Category drop-down box, select Tags.
- In the Operator drop-down box, select contains.
- In the text box, type the tag category and value you want to search for in the following format:
Category Name:Value Name - Continue creating rules and/or save the access group as described in Create an Access Group.
Note: Tag categories with 100,000 or more associated values cannot be applied as a rule to access groups.