View WAS Scan Details

Required Additional License: Tenable.io Web Application Scanning

Required Tenable.io Web Application Scanning User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

Required Scan Permissions: Can View

Note: This topic describes the process for viewing scan results in the new interface only.

If you activate the new interface, you can view scan results as follows:

  • For scans run based on historical scan configurations, view results in either interface.

  • For scans run based on new scan configurations, view results in the new interface only.

You can view scan results for web application scans you own or that the scan owners have shared with you.

Note: After Tenable.io completes the scan, it can take up to 10 minutes for the scan results to appear in the dashboard.

To view scan details for an individual web application scan:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, in the Web App Scanning section, click Scans.

    The Web Application Scanning Scans page appears.

    Note: If your Tenable.io Web Application Scanning license expires, your web application scans no longer appear in the scans table.

  3. In the Folders section, click a folder to load the scans you want to view.

    The scans table updates to display the scans in the folder you selected.

  4. In the scans table, click the scan where you want to view details.

    The Scan Details page appears. By default, this page displays details of the latest run of the scan.

  5. Do any of the following:

    Section Action
    Table header
    • Edit the scan configuration.
    • Move a scan to the trash folder.
    Severity summaries

    For the scan job currently displayed, view the number of vulnerabilities with a Critical, High, Medium, or Low vulnerability severity.

    Findings  
    Scan Details section

    For the scan job currently displaying, view the following details:

    • Status — The status of the scan.
    • Start Time — The start date and time for the scan.
    • Template — The scan template you used to configure and run the scan.
    • End Time — The end date and time for the scan.
    • Scanner — The scanner that performed the scan.
    • Target — The target the scan evaluated.

    Vulns by Plugin tab

    For the scan job currently displayed, view vulnerability data, organized by plugin.

    On this tab, you can:

    • View information about each vulnerability:
      • Severity icon — The severity of the vulnerability.
      • Name — The name of the vulnerability, as defined in the Common Vulnerabilities and Exposures (CVE) system.
      • Family — The plugin family.
      • Vulnerabilities — The number of vulnerability instances.

        Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by the vulnerable URL and the input used to identify the vulnerability.

    • To sort, increase or decrease the number of rows per page, or navigate to another page of the table, see Tenable.io Tables.
    • To view vulnerability details, click the row for that vulnerability.

      The Vulnerability Details page appears.

      From the Vulnerabilities Details page, you can view plugin attachments for more information about each plugin.

    Notes tab

    For the scan job currently displayed, view the scan notes that Tenable.io Web Application Scanning generates to provide context about your scan's success and efficiency.

    The Notes tab appears and displays scan notes only if the scanner identifies information during the scan that can help you configure your scan for more effective results.

    On this tab, you can:

    • View information about the scan notes:
      • Severity — Metric used to quantify how significant the finding is for the scan's performance, displayed as Critical, High, Medium, Low, or Info. For information about scan notes vulnerability metrics, see Scan Notes Severity Details in WAS.

      • Scan Notes — Descriptive title for the scan note.
      • Description — Detailed information about the scan findings, along with troubleshooting advice and suggestions to improve your overall scan quality.

    History tab

    View the scan history.

    This tab contains a table listing each time the scan has run. For the scan run currently displaying in the Scan Details page, Tenable.io adds the label Current to the run. By default, the latest scan run is labeled Current.

    Note: Scan history is unavailable for imported scans and for configured scans that have not yet run.

    On this tab, you can:

    • View summary information about each time the scan was run:
      • Created At — The start date and time the scan was created.
      • Start Time — The start date and time the scan was started by the scanner.
      • End Time — The end date and time the scan was completed.
      • Duration — The duration of the scan.

        Note: The Duration time span includes the time Tenable.io Web Application Scanning takes to run the scan and process the results, as well as any time the scan spent in Pending status.

        As a result, Duration time differs from the Overall Max Scan Time you specified in the Advanced settings, which applies only to the scan run time.

      • Status — The status of the scan.
    • Filter the data displayed in the table.
    • Sort or navigate to another page of the table. For more information, see Tenable.io Tables.
    • View details for a historical scan by clicking a scan job row in the table.
    • Tenable.io Web Application Scanning marks the scan job you selected as Current and updates the Scan Details section to show data for the selected job.