Cloud Misconfigurations

Required Tenable Vulnerability Management User Role: Basic, Scan Operator, Standard, Scan Manager, or Administrator

On the Findings workbench, click the Cloud Misconfigurations tab to view your cloud misconfigurations. Common cloud misconfigurations involve unrestricted inbound and outbound ports, credential management and encryption, disabled monitoring and logging, insecure automated backups, and storage access.

The Cloud Misconfigurations tab contains a table with the following columns. To show or hide columns, see Customize Explore Tables.

Column Description
Resource ID

A unique identifier made up of the resource type and the asset name.

Policy Name

The security policy that governs the affected asset.

Policy Group Name

The group associated with the security policy that governs the affected asset.

Severity

The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR.

Result

The outcome of the vulnerability scan.

Source

The environment where the affected asset runs.

First Seen

The date when a scan first found the vulnerability on an asset.

Last Seen

The date when a scan last found the vulnerability on an asset.

Asset ID

The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management.

Cloud Provider

The name of the cloud provider that hosts the asset.

IaC Resource Type

The Infrastructure as Code (IaC) resource type of the asset.

Resource Name

The name of the asset where the scanner detected the vulnerability. Tenable Vulnerability Management assigns this identifier based on the presence of certain asset attributes in the following order:

  1. Agent Name (if agent-scanned)
  2. NetBIOS Name
  3. FQDN
  4. IPv6 address
  5. IPv4 address

For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Resource Name.

Region

The cloud region where the asset runs.

VPC

The virtual private cloud on which the asset is hosted in AWS.

ARN

The unique Amazon Resource Name for the asset in AWS.

Resource Type

The types of assets affected, determined by plugin data.

Benchmark

The benchmark associated with the finding.

Account ID

The unique identifier assigned to the asset resource in the cloud service that hosts the asset.

Repositories

Any code repositories associated with the asset.

Policy Category

The category associated with the security policy that governs the affected asset.

Last Scan Time

The date and time when Tenable Vulnerability Management last scanned the asset.

Updated Time

The date and time when a user last updated the asset.

Actions

In this column, click the button to view a drop-down where you can: