Cloud Misconfiguration Details

When you View Finding Details, the Finding Details page varies by finding type. For cloud misconfiguration findings, it includes policy information, a recommended solution, and details on the affected asset.

The Finding Details page for cloud misconfigurations contains the following sections.

Note: Tenable Vulnerability Management hides empty sections, so these may not appear in some cases.

Section Description
Policy Group Name

The name of the cloud policy group associated with the affected finding.

Policy Name

The name of the cloud policy associated with the affected finding.

Solution

A brief summary of how you can remediate the vulnerability. This section appears only if an official solution is available.

Asset Information

Information about the affected asset, including:

  • Asset ID — The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.

  • Name — The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.

  • Project — The cloud project associated with the findings and affected asset.

  • Region — The cloud region on which the asset resides.

  • VPC — The unique identifier of the public cloud that hosts the AWS virtual machine instance. Stands for "virtual private cloud."

  • Account ID — The unique identifier assigned to the asset on which a scan detected the finding.

  • Resource Name — The asset identifier.

  • Types — The types of assets affected, determined by plugin data.

  • IaC Resource Type — The Infrastructure as Code (IaC) resource type of the asset.

  • Resource Type — The types of resources affected, determined by plugin data.

  • Has Drift — Indicates whether the asset has any drifts. For more information, see Set up Drift Analysis in the Legacy Tenable Cloud Security User Guide.

  • Is Mapped — Indicates whether the asset is mapped. For more information, see Cloud Scan Workflow in the Legacy Tenable Cloud Security User Guide.

  • Is Real — Indicates whether the affected asset exists in a cloud environment.

  • Cloud Provider — The name of the cloud provider that hosts the resource.

  • Resource ID — The resource ID of the resource.

  • Resource Name — The name of the asset where the scanner detected the vulnerability. Tenable Vulnerability Management assigns this identifier based on the presence of certain asset attributes in the following order:

    • Agent Name (if agent-scanned)
    • NetBIOS Name
    • FQDN
    • IPv6 address
    • IPv4 address
      For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Resource Name.

  • ARN — The unique Amazon resource name for the asset in AWS.

  • Resource Criticality — The criticality rating for the asset according to Container Security, based on the most recent scan.

Additional Information

The number of vulnerabilities the policy detected during the scan.

Asset Scan Information

Information about the scan that detected the vulnerability, including:

  • First Seen — The date when a scan first found the vulnerability on an asset.

  • Last Seen — The date when a scan last found the vulnerability on an asset.

  • Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on how licenses work, see Tenable Vulnerability Management Licenses.

  • Last Authenticated Scan — The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field.

  • Source — The source of the scan that detected the vulnerability on the affected asset.

Tags

Tags assigned to the affected asset.

Cloud Misconfiguration Information

Information about the vulnerability finding, including:

  • Finding ID — The unique ID for the individual finding. You can view the ID for a finding by accessing the Finding Details page for the finding and checking the page URL. The finding ID is the alphanumeric text that appears in the path between details and asset.

  • Project — The cloud project associated with the findings and affected asset.

  • Policy Group ID — The type of policy group ID associated with the finding.

  • Policy ID — The unique ID for the cloud policy associated with the affected asset.

  • Rule ID — The rule ID associated with the finding.

  • Environment ID — The environment ID associated with the finding.

  • Severity — A descriptive icon that indicates the CVSS-based severity of the vulnerability. For more information, see CVSS vs. VPR.

  • Result — The result of the finding.

  • Benchmark — The benchmark associated with the finding.

  • Policy Category — The policy category associated with the finding.

  • IaC Type — The Infrastructure as Code (IaC) resource type of the asset.

  • Managed By — The name of the person, group, or company that manages the affected asset.

  • Policy Type — The type of cloud policy associated with the finding.

  • Rule Reference ID — The reference ID for the security rule for which the scanner found a violation.

  • Version — The version associated with the finding.

  • Exists in IAC — Indicates whether the affected asset was created via Infrastructure as Code (IaC).

  • Exists in Cloud — Indicates whether the affected asset exists in a cloud environment.

  • Ignored — Indicates whether Legacy Tenable Cloud Security ignored the policy violation when determining the finding severity.

Cloud Misconfiguration Discovery

Information about when Tenable Vulnerability Management first discovered the vulnerability, including:

  • First Seen — The date when Tenable Vulnerability Management first scanned the affected asset.

  • Last Seen — The date when Tenable Vulnerability Management last scanned the affected asset.

Actions

In the upper-right corner, click the Actions button to view a drop-down where you can:

  • Generate Report — Generate a report from a template, as described in Reports.

  • View All Findings — View all findings for an asset, as described in View Asset Details.