Vulnerability Analysis Tools

On the Vulnerability Analysis page, you can use the drop-down box to select the vulnerability analysis tool you want to view.

To perform a common type of vulnerability analysis, see View Vulnerabilities by Plugin or View Vulnerabilities by Host.

Analysis Tool Description

IP Summary

Summarizes host information, organized by IP address/agent ID. You can click the IP Address info to view host details, as described in View Host Details.

For more information, see View Vulnerabilities by Host.

Class A Summary

Class B Summary

Class C Summary

Summarizes host information.

The vulnerability score for an address is computed by adding up the number of vulnerabilities at each severity level and multiplying it with the organization’s severity score.

Starting out with a Class A or Class B summary can identify more active network ranges for networks with a large number of active IP addresses.

You can click a Class A or Class B row to view the Class B or Class C tool, filtered by the asset list you selected. You can click a Class C row to view the IP Summary tool, filtered by the asset list you selected.

Asset Summary

This tool summarizes the scores and counts of vulnerabilities for all dynamic or static asset lists.

A breakdown of each asset’s specific vulnerabilities and counts for each severity level is also included.

You can click a count to view the IP Summary tool, filtered by the asset list you selected.

CCE Summary

This displays a summary of hosts which have Common Configuration Enumeration (CCE) vulnerabilities.

You can click a count to view the Vulnerability Summary tool, filtered by the CCE vulnerability you selected.

CVE Summary

This view groups vulnerabilities based on their CVE ID, Hosts Total, and vulnerability count.

DNS Name Summary

Tenable.sc includes the ability to summarize information by vulnerable DNS name. The DNS Name Summary lists the matching hostnames, the repository, vulnerability count, and a breakdown of the individual severity counts.

You can click a DNS name to view the Vulnerability List tool, filtered by the DNS name you selected.

List Mail Clients

Tenable.sc uses NNM to determine a unique list of email clients. The list contains the email client name, count of detections, and the detection method.

You can click a count to view the IP Summary tool, filtered by the email client you selected.

List OS

Tenable.sc understands both actively and passively fingerprinted operating systems. This tool lists what has been discovered.

The method (active, passive, or event) of discovery is also indicated.

You can click a count to view the IP Summary tool, filtered by operating system.

List Services

Tenable.sc processes information from scans and creates a summary of unique services discovered. The service discovered, count of hosts, and detection method are listed.

You can click a service to view the IP Summary tool, filtered by the service you selected.

List SSH Servers

This tool utilizes active and passive scan results to create a unique list of known SSH servers. The list contains the ssh server name, count of detections, and the detection method.

Tip: Not all SSH servers run on port 22. Do not be surprised if you encounter SSH servers running on unexpected ports.

You can click a count to view the IP Summary tool, filtered by the SSH server you selected.

List Software

Tenable.sc processes information from scans and creates a summary of unique software packages discovered. The software name, count of hosts, and detection method are listed.

You can click a software name to view the IP Summary tool, filtered by the software you selected.

List Web Clients

Tenable.sc understands NNM plugin ID 1735, which passively detects the web client in use. This tool lists the unique web clients detected. The list contains the user-agents, count of detections, and the detection method.

You can click a count to view the IP Summary tool, filtered by the web client you selected.

List Web Servers

This tool takes the passive output from passive and active scans to create a unique list of known web servers. The list contains the web server name, count of detections, and the detection method.

Tip: Not all web servers run on port 80 or 443. Do not be surprised if you encounter web servers running on unexpected ports.

You can click a count to view the IP Summary tool, filtered by the web server you selected.

MS Bulletin Summary

This tool filters vulnerabilities based on Microsoft Bulletin ID. Displayed are the IDs, Vulnerability Totals, Host Total, and Severity. This view is particularly useful in cases where Microsoft releases a new bulletin and a quick snapshot of vulnerable hosts is required.

Plugin Family Summary

This tool charts the Nessus, NNM, or Event plugin family as well as their relative counts based on severity level for all matching vulnerabilities.

You can click a count to view the Vulnerability List tool, filtered by the plugin family you selected.

Port Summary

A summary of the ports in use is displayed for all matched vulnerabilities. Each port has its count of vulnerabilities as well as a breakdown for each severity level.

You can click a port to view the IP Summary tool, filtered by the port you selected.

Protocol Summary

This tool summarizes the detected IP protocols such as TCP, UDP, and ICMP. The tool also breaks out the counts for each protocol’s severity levels.

You can click a count to view the IP Summary tool, filtered by the count you selected.

Remediation Summary

The Remediation Summary tool provides a list of remediation actions that may be taken to prioritize tasks that have the greatest effect to reduce vulnerabilities in systems. This list provides a solution to resolve a particular CPE on a given OS platform. The data provided includes:

  • Risk Reduction — The percent you would reduce your risk by addressing the vulnerability in the solution. Tenable.sc calculates the risk reduction percentage by dividing the score of the vulnerabilities in the solution by the score of all of the vulnerabilities on your network.
  • Hosts Affected — The number of unique hosts that would be affected by performing the remediation action.
  • Vulnerabilities — The count of vulnerabilities (Nessus plugins) that would be remediated by performing the remediation action.
  • Score — This is calculated by adding up the score for each vulnerability that would be remediated by performing the remediation action.
  • CVE — The number of distinct CVEs that would be remediated by performing the remediation action.
  • MS Bulletin — The number of unique MS Bulletins that would be remediated by performing the remediation action.
  • Vulnerability % — The count of vulnerabilities (Nessus plugins) that would be remediated by performing the remediation action over the total vulnerability count returned by the query as a percentage.

Severity Summary

This tool considers all of the matching vulnerabilities and then charts the total number of info, low, medium, high, and critical vulnerabilities.

You can click a count to view the Vulnerability Summary tool, filtered by the severity you selected.

User Responsibility Summary

This displays a list of the users who are assigned responsibility for the vulnerability based on the user’s assigned asset list. Multiple users with the same responsibility are displayed on the same line. Users without any assigned responsibilities are not displayed in the list. Tenable.sc populates this list after you assign an asset to a user account.

Vulnerability Detail List

Displays the details for a specific vulnerability instance on your network.

Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

Important options include CVSS v2/CVSS v3 score, CVSS v2/CVSSv3 temporal score, VPR, VPR key drivers, availability of public exploit, CVE, BID, synopsis, description, and solution.

For more information, see View Vulnerability Instance Details.

Vulnerability List

Displays a table of all vulnerability instances found on your network, organized by plugin ID.

Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

For more information, see View Vulnerabilities by Plugin.

Vulnerability Summary

Displays a table of all plugins associated with vulnerabilities on your network, organized by plugin ID.

For more information, see View Vulnerabilities by Plugin.