Host Assets

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Assets workbench, to view only your host assets, select the Hosts tile and deselect other tiles. Common host assets include workstations, servers, virtual machines, printers, network switches, routers, and wireless access points.

The Hosts tile contains a table with the following columns. To show or hide columns, see Customize Explore Tables.

Column Description
Asset ID

The UUID of the asset. This value is unique to Tenable Vulnerability Management.

Name

The asset identifier; assigned based on the presence of certain attributes in the following logical order:

  1. Nessus Agent name
  2. Hostname
  3. WebApp hostname
  4. Container Security Image name
  5. Container Runtime hostname
  6. Cloud Common Resource name
  7. Cloud Common Resource identifier
  8. Cloud Runtime name
  9. Cloud IAC name
  10. Active Directory Asset name
  11. Domain Record hostname

If none of the above attributes are present, then FQDN is selected as the name for the asset.

AES

The Asset Exposure Score of the asset.

ACR

The Asset Criticality Rating of the asset.

IPV4 Address

The IPv4 address for the affected asset.

IPV6 Address

The IPv6 address for the affected asset.

Operating System

The operating system that a scan identified as installed on the asset.

Licensed

Indicates if the asset is licensed within Tenable Vulnerability Management. For more information, see Tenable Vulnerability Management Licenses.

First Seen

The date and time when a scan first identified the asset.

Last Seen

The date when a scan last found the vulnerability on an asset.

Last Licensed Scan

The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on licensed assets, see Tenable Vulnerability Management Licenses.

Last Authenticated Scan

The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field.

Source

The source of the scan that identified the asset.

Tags

Tags applied to the asset.

System Type

The operating system installed on the asset.

NetBIOS Name The asset's NetBIOS name.
DNS (FQDN)

The fully qualified domain name of the asset host.

Note: When processing fully qualified domain names (FQDNs) for host assets, Tenable Vulnerability Management normalizes all FQDNs to lowercase and then merges any duplicates.
MAC Address

A MAC address that a scan has associated with the asset record.

ServiceNow Sys ID

Where applicable, the unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation.

Agent Name

The name of the Tenable Nessus agent that scanned and identified the asset.

Created Date

The date and time when Tenable Vulnerability Management created the asset record.

Updated Date

The date and time when Tenable Vulnerability Management last updated the asset record.

Has Plugin Results

Specifies whether the asset has plugin results associated with it.

Public

Specifies whether the asset is available on a public network.

Note: A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace.

AWS Availability Zone

Where applicable, the AWS availability zone of the asset, as described in the Tenable Vulnerability Management AWS documentation.

AWS EC2 AMI ID Where applicable, the AWS EC2 AMI ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS EC2 Instance ID Where applicable, the AWS EC2 instance ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Security Group Where applicable, the AWS security group of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Instance State Where applicable, the AWS instance state of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Instance Type Where applicable, the AWS instance type of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS EC2 Name Where applicable, the AWS EC2 name of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS EC2 Product Code Where applicable, the AWS EC2 product code of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Owner ID Where applicable, the AWS owner ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Region Where applicable, the AWS region of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS Subnet ID Where applicable, the AWS subnet ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
AWS VPC ID Where applicable, the AWS VPC ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
Azure Resource ID Where applicable, the AWS resource ID of the asset, as described in the Tenable Vulnerability Management AWS documentation.
Azure VM ID Where applicable, the Azure VM ID of the asset, as described in the Tenable Vulnerability Management Microsoft Azure documentation.
Google Cloud Instance ID Where applicable, the Google cloud instance ID of the asset, as described in the Tenable Vulnerability Management Google Cloud Platform documentation.
Google Cloud Project ID Where applicable, the Google cloud project ID of the asset, as described in the Tenable Vulnerability Management Google Cloud Platform documentation.
Google Cloud Zone Where applicable, the Google cloud zone of the asset, as described in the Tenable Vulnerability Management Google Cloud Platform documentation.
Resource Tags

Specifies the tags or labels that have been imported from the cloud provider. This field appears for assets with source as Cloud Discovery Connector.

Note: Tenable Vulnerability Management imports tags and labels with the following considerations:
  • For AWS and Azure, the limit is 50 tags per resource.

  • For GCP, the limit is 64 labels per resource.

  • Tenable Vulnerability Management does not support importing JSON strings for Azure tags.

Cloud Provider Indicates whether the asset is from AWS, Azure, or GCP.
Actions

In this column, click the button to view a drop-down where you can:

  • Export — Export to CSV or JSON, as described in Export from Explore Tables.

  • Add Tags — Add new tags. In the dialog that appears, choose a Category and Value, as described in Tags.

  • Remove Tags — Remove existing tags. In the dialog that appears, click a tag and click Remove.

  • Edit ACR – (Tenable Lumin-only). Edit the Asset Criticality Rating, as described in Edit the ACR for Host Assets.

  • Move — Move an asset to another network, as described in Move Assets to Another Network.

  • View All Details — View complete details for an asset, as described in View Asset Details.

  • View All Details in New Tab — View complete details for an asset in a new browser tab.

  • View All Solutions — View available solutions for asset vulnerabilities, as described in Solutions.

  • Delete — Permanently delete an asset, as described in Delete Assets.