Vulnerability Analysis Filter Components

For general information about constructing filters, see Filters.

Filter Component Availability Description

Accept Risk

Cumulative View

Display vulnerabilities based on their Accepted Risk workflow status. Available choices include Accepted Risk or Non-Accepted Risk. Choosing both options displays all vulnerabilities regardless of acceptance status.

Address

All

This filter specifies an IPv4 or IPv6 address, range, or CIDR block to limit the viewed vulnerabilities. For example, entering 198.51.100.28/24 and/or 2001:DB8::/32 limits any of the web tools to only show vulnerability data from the selected network(s). Addresses can be comma separated or separate lines.

Agent ID All

Displays results matching the specified agent UUID (Tenable UUID). An agent UUID uniquely identifies:

  • Agent-detected assets that may share a common IP address.
  • Tenable.ot assets that may not have an IP address. For more information, see Tenable.ot Instances.

Application CPE

All

Allows a text string search to match against available CPEs. The filter may be set to search based on a contains, Exact Match, or Regex Filter filter. The Regex Filter is based on Perl-compatible regular expressions (PCRE).

Asset

All

This filter displays systems from the assets you select. If more than one asset contains the systems from the primary asset (i.e., there is an intersect between the asset lists), those assets are displayed as well.

The operators NOT, OR, and AND may be used to exclude unwanted assets from the view.

Audit File

All

This filter displays vulnerabilities detected when a scan was performed using the chosen .audit file.

CCE ID

All

Displays results matching the entered CCE ID.

CVE ID

All

Displays vulnerabilities based on one or more CVE IDs. Type multiple IDs as a comma-separated list (e.g., CVE-2011-3348,CVE-2011-3268,CVE-2011-3267).

CVSS v2 Score

All

Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 2 (CVSS v2) score range.

CVSS v2 Vector

All

Filters results based on a search against the CVSS v2 vector information.

CVSS v3 Score All Displays vulnerabilities within the chosen Common Vulnerability Scoring System version 3 (CVSS v3) score range.
CVSS v3 Vector All

Filters results based on a search against the CVSS v3 vector information.

Cross References

All

Filters results based on a search against the cross reference information in a vulnerability.

Data Format All Displays results matching the specified data type: IPv4, IPv6, or Agent.

DNS Name

All

This filter specifies a DNS name to limit the viewed vulnerabilities. For example, entering host.example.com limits any of the web tools to only show vulnerability data from that DNS name.

Exploit Available

All

If set to yes, displays only vulnerabilities for which a known public exploit exists.

Exploit Frameworks

All

When set, the text option can be equal to or contain the text entered in the option.

IAVM ID

All

Displays vulnerabilities based on one or more IVAM IDs. Type multiple IDs as a comma-separated list (e.g., 2011-A-0005,2011-A-0007,2012-A-0004).

MS Bulletin ID

All

Displays vulnerabilities based on one or more Microsoft Bulletin IDs. Type multiple IDs as a comma-separated list (e.g., MS10-012,MS10-054,MS11-020).

Mitigated

All

Display vulnerabilities for a specific mitigation status:

  • Previously Mitigated — the vulnerability was previously mitigated but it reappeared in a scan and is currently vulnerable
  • Never Mitigated — the vulnerability is currently vulnerable and has never been mitigated

For more information about mitigation, see Mitigated Vulnerabilities.

Output Assets

Asset Summary Analysis Tool

This filter displays only the desired asset list systems.

Patch Published

All

Some plugins contain information about when a patch was published for a vulnerability. This filter allows the user to search based on when a vulnerability's patch became available:

  • None (displays vulnerabilities that do not have a patch available)
  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Family

All

This filter chooses a Nessus or NNM plugin family. Only vulnerabilities from that family display.

Plugin ID

All

Type the plugin ID desired or range based on a plugin ID. Available operators are equal to (=), not equal to (!=), greater than or equal (>=) and less than or equal to (<=).

Plugin Modified

All

Tenable plugins contain information about when a plugin was last modified. This filter allows users to search based on when a particular plugin was modified:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Name

All

Using the Contains option, type all or a portion of the actual plugin name. For example, entering MS08-067 in the plugin name filter displays vulnerabilities using the plugin named MS08-067: Microsoft Windows Server Service Crafted RPC Request Handling Remote Code Execution (958644) (uncredentialed check). Similarly, entering the string uncredentialed displays a list of vulnerabilities with that string in the plugin name.

Using the Regex Match option regex options may be used to filter on the Plugin Name.

Plugin Published

All

Tenable plugins contain information about when a plugin was first published. This filter allows users to search based on when a particular plugin was created:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Plugin Type

All

Select whether to view all plugin types or passive, active, event, or compliance vulnerabilities.

Port

All

This filter is in two parts. First the equality operator is specified to allow matching vulnerabilities with the same ports, different ports, all ports less than or all ports greater than the port filter. The port filter allows a comma separated list of ports. For the larger than or less than filters, only one port may be used.

Note: All host-based vulnerability checks are reported with a port of 0 (zero).

Protocol

All

This filter provides boxes to select TCP, UDP, or ICMP-based vulnerabilities.

Recast Risk

Cumulative View

Display vulnerabilities based on their Recast Risk workflow status. Available choices include Recast Risk or Non-Recast Risk. Choosing both options displays all vulnerabilities regardless of recast risk status.

Repositories

All

Display vulnerabilities from the chosen repositories.

STIG Severity All Display vulnerabilities with the chosen STIG severity in the plugins database.

Scan Policy Plugins

All

Display vulnerabilities found by the currently enabled plugins in the scan policy. For more information, see Plugins Options.

Severity

All

Displays vulnerabilities with the selected severity. For more information, see CVSS vs. VPR.

Users

All

Allows selection of one or more users who are responsible for the vulnerabilities.

Vulnerability Discovered

All

Tenable.sc tracks when each vulnerability was first discovered. This filter allows you to see when vulnerabilities were discovered:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Note: The discovery date is based on when the vulnerability was first imported into Tenable.sc. For NNM, this date does not match the exact vulnerability discovery time as there is normally a lag between the time that NNM discovers a vulnerability and the import occurs.

Note: Days are calculated based on 24-hour periods prior to the current time, not calendar days. For example, if the report run time was 1/8/2019 at 1:00 PM, using a 3-day count would include vulnerabilities starting 1/5/2019 at 1:00 PM and not from 12:00 AM.

Vulnerability Last Observed

Cumulative View

This filter allows the user to see when the vulnerability was last observed by Nessus, LCE, or NNM:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Note: The observation date is based on when the vulnerability was most recently imported into Tenable.sc. For NNM, this date does not match the exact vulnerability discovery as there is normally a lag between the time that NNM discovers a vulnerability and the import occurs.

Vulnerability Mitigated

Mitigated View

This filter allows the user to filter results based on when the vulnerability was mitigated:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)
Vulnerability Priority Rating (VPR) All

Displays vulnerabilities within the chosen VPR range. For more information, see CVSS vs. VPR.

Tip: The Vulnerability Analysis page displays vulnerabilities by plugin. The VPR that appears is the highest VPR of all the vulnerabilities associated with that plugin.

Vulnerability Published

All

When available, Tenable plugins contain information about when a vulnerability was published. This filter allows users to search based on when a particular vulnerability was published:

  • Within the last day
  • Within the last 7 days
  • Within the last 30 days
  • More than 7 days ago
  • More than 30 days ago
  • Current Month
  • Last Month
  • Current Quarter (during the current calendar year quarter)
  • Last Quarter (during the previous calendar year quarter)
  • Custom Range (during a specific range you specify)
  • Explicit (at a specific time you specify)

Vulnerability Text

All

Displays vulnerabilities containing the entered text (e.g., php 5.3) or regex search term.