Findings Filters

On the Findings page, you can filter and view analytics for the following findings types:

You can save a set of commonly used filters as a saved filter to access later or share with other members of your team.

Note: To optimize performance, Tenable limits the number of filters that you can apply to any Explore > Findings or Assets views (including Group By tables) to 18.

Note: You can also right-click on values within a table cell to use the Filter By option. For more information, see Right-Click Filtering.

Vulnerabilities Filters

Option	Description
Asset ID	The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management.
Asset Name	The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
Asset Tags	A unique filter that searches tag (category: value) pairs. When you type a tag value, you must use the category: value syntax, including the space after the colon (:). You can use commas (,) to separate values. If there is a comma in the tag name, insert a backslash (\) before the comma. You can add a maximum of 100 tags. For more information, see tags. Note: If your tag name includes double quotation marks (" "), you must use the UUID instead.
Bugtraq ID	The Bugtraq ID for the plugin that identified the vulnerability.
Canvas Exploit	The name of the CANVAS exploit pack that includes the vulnerability.
CERT Advisory ID	The ID of the CERT advisory related to the vulnerability.
CERT Vulnerability ID	The ID of the vulnerability in the CERT Vulnerability Notes Database.
CISA KEV Due Date	The date on which Cybersecurity and Infrastructure Security Agency (CISA) Known Exploitable Vulnerability (KEV) remediation is due, as per Binding Operational Directive 22-01. Searches by the earliest due date for KEVs associated with the plugin. For more information, see the Known Exploited Vulnerabilities Catalog.
CORE Exploit Framework	Indicates whether an exploit for the vulnerability exists in the CORE Impact framework.
CPE	The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies. (200 value limit)
CVE	The Common Vulnerability and Exposure (CVE) IDs for the vulnerabilities that the plugin identifies. (200 value limit)
CVSSv2 Base Score	The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
CVSSv2 Temporal Score	The CVSSv2 temporal score (characteristics of a vulnerability that change over time but not among user environments).
CVSSv2 Temporal Vector	CVSSv2 temporal metrics for the vulnerability.
CVSSv2 Vector	The raw CVSSv2 metrics for the vulnerability. For more information, see CVSSv2 documentation.
CVSSv3 Base Score	The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
CVSSv3 Temporal Score	The CVSSv3 temporal score (characteristics of a vulnerability that change over time but not among user environments).
CVSSv3 Temporal Vector	CVSSv3 temporal metrics for the vulnerability.
CVSSv3 Vector	More CVSSv3 metrics for the vulnerability.
CWE	The Common Weakness Enumeration (CWE) for the vulnerability.
Default/Known Account	Indicates whether the plugin that identified the vulnerability checks for default accounts.
Elliot Exploit	The name of the exploit for the vulnerability in the D2 Elliot Web Exploitation framework.
Exploit Database ID	The ID of the vulnerability in the Exploit Database.
Exploitability Ease	A description of how easy it is to exploit the vulnerability.
Exploited By Malware	Indicates whether the vulnerability is known to be exploited by malware.
Exploited By Nessus	Indicates whether Tenable Nessus exploited the vulnerability during the process of identification.
Exploit Hub	Indicates whether an exploit for the vulnerability exists in the ExploitHub framework.
Finding ID	The unique ID for the individual finding. Note: You can view the ID for a finding by accessing the Findings Details page for the findings and checking the page URL. The finding ID is the alpha-numeric text that appears in the path between details and asset.
First Seen	The date when a scan first found the vulnerability on an asset.
IAVA ID	The ID of the information assurance vulnerability alert (IAVA) for the vulnerability.
IAVB ID	The ID of the information assurance vulnerability bulletin (IAVB) for the vulnerability.
IAVM Severity	The severity of the vulnerability in Information Assurance Vulnerability Management (IAVM).
IAVT ID	The ID of the information assurance vulnerability technical bulletin (IAVT) for the vulnerability.
In The News	Indicates whether this plugin has received media attention (for example, ShellShock, Meltdown).
IPv4 Address	The IPv4 address for the affected asset. You can add up to 100 IP addresses to this filter.
IPv6 Address	The IPv6 address for the affected asset.
Last Fixed	The last time a previously detected vulnerability was scanned and noted as no longer present on an asset.
Last Seen	The date when a scan last found the vulnerability on an asset.
Malware	Indicates whether the plugin that identified the vulnerability checks for malware.
Metasploit Exploit	The name of the related exploit in the Metasploit framework.
Microsoft Bulletin	The Microsoft security bulletin that the plugin, which identified the vulnerability, covers.
Original Severity	The vulnerability's CVSS-based severity when a scan first detected the finding. For more information, see CVSS vs. VPR.
OSVDB ID	The ID of the vulnerability in the Open Sourced Vulnerability Database (OSVDB).
Patch Published	The date on which the vendor published a patch for the vulnerability.
Plugin Description	The description of the Tenable plugin that identified the vulnerability.
Plugin Family	The family of the plugin that identified the vulnerability. (200 value limit)
Plugin ID	The ID of the plugin that identified the vulnerability. (200 value limit)
Plugin Modification Date	The date at which the plugin that identified the vulnerability was last modified.
Plugin Name	The name of the plugin that identified the vulnerability.
Plugin Output	Specify a regular expression (regex) value that must appear in the plugin output for all results. Note: The Plugin Output filter must be manually enabled in Settings and cannot be disabled once enabled. For information about how to enable the filter and use it, see Plugin Output filter.
Plugin Published	The date on which the plugin that identified the vulnerability was published.
Plugin Type	The general type of plugin check. Possible options are: Local Remote Local & Remote
Port	Information about the port the scanner used to connect to the asset where the scan detected the vulnerability. (200 value limit)
Protocol	The protocol the scanner used to communicate with the asset where the scan detected the vulnerability.
Risk Modified	The risk modification applied to the vulnerability's severity. Possible options are: Recasted Accepted None For more information, see Recast/Accept Rules.
Scan Origin	The scanner that detected the finding.
Secunia ID	The ID of the Secunia research advisory related to the vulnerability.
See Also	Links to external websites that contain helpful information about the vulnerability.
Severity	The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. This filter appears in the filters plane by default, with Critical, High, Medium, and Low selected.
Solution	A brief summary of how you can remediate the vulnerability.
Source	The source of the scan that identified the asset. Possible values are: Agent (Tenable Nessus Agent) Nessus (Tenable Nessus scan) PVS/NNM (Tenable Nessus Network Monitor) WAS (Tenable Web App Scanning) AWS Connector Azure Connector GCP Connector Qualys Connector
State	The state of the vulnerability. For more information, see Vulnerability States. This filter appears in the filters plane by default, with Active and Resurfaced selected.
Stig Severity	The STIG severity associated with the finding.
Synopsis	A brief description of the plugin or vulnerability.
Target Groups	A target group or groups associated with the scan that identified the vulnerability. For more information, see Target Groups.
Unsupported by Vendor	Software found by this plugin is unsupported by the software's vendor (for example, Windows 95 or Firefox 3).
VPR	The Vulnerability Priority Rating Tenable calculated for the vulnerability.
Vulnerability Published	The date when the vulnerability definition was first published (for example, the date that the CVE was published).

Cloud

Cloud Misconfiguration Filters

Option	Description
Filters
Account ID	The unique identifier assigned to the asset resource in the cloud service that hosts the asset on which a scan detected the finding.
ARN	The Amazon Resource Name (ARN) for the asset on which a scan detected the finding.
Asset ID	The UUID of the asset on which a scan detected the finding. This value is unique to Tenable Vulnerability Management.
Benchmark	The benchmark associated with the finding.
Cluster	The cluster associated with the finding.
Created Time	The time and date when Tenable Vulnerability Management created the asset record on which a scan detected the finding.
Criticality	The criticality of the vulnerability finding.
Exists in Cloud	Indicates whether the affected cloud resource exists in a cloud environment.
Exists in IAC	Indicates whether the affected asset was created via Infrastructure as Code (IaC).
Finding ID	The unique ID for the individual finding. Note: You can view the ID for a finding by accessing the Findings Details page for the findings and checking the page URL. The finding ID is the alpha-numeric text that appears in the path between details and asset.
First Seen	The date when Tenable Vulnerability Management first scanned the affected asset.
Found in TF State	Indicates whether or not the finding was discovered in a TF state.
First Seen	The date when Tenable Vulnerability Management first scanned the affected asset.
IaC Resource Type	The Infrastructure as Code (IAC) resource type of the asset.
IaC Type	The Infrastructure as Code (IAC) type of the asset.
Ignored	Indicates whether Tenable Vulnerability Management ignored the policy violation when calculating the finding's severity.
Immutable Drift	Indicates whether the asset has immutable drifts. For more information, see Set up Drift Analysis in the Tenable Cloud Security User Guide.
Is Attribute	Specifies whether the asset is an attribute.
Last Fixed	The date when the finding was last fixed.
Last Scan Time	The date when a scan was last run against the finding.
Last Seen	The date when Tenable Vulnerability Management last scanned the affected asset.
Managed By	The name of the person, group, or company that manages the affected asset.
Policy Category	The policy category associated with the finding.
Policy ID	The unique ID for the cloud policy associated with the affected asset.
Policy Name	The unique ID for the cloud policy associated with the affected asset.
Policy Type	The unique ID for the cloud policy associated with the affected asset.
Project	The project associated with the finding.
Provider	The third-party provider associated with the finding.
Region	The cloud region where the affected asset runs.
Repositories	Any code repositories associated with the affected asset.
Resource Category	The category of the asset resource in the cloud service that hosts the affected asset.
Resource ID	The ID of the asset resource in the cloud service that hosts the affected asset.
Resource Name	The name of the asset resource in the cloud service that hosts the affected asset.
Resource Type	The type of the asset resource in the cloud service that hosts the affected asset.
Result	The outcome of the scan. Possible options are: Failed Passed Unknown
Rule ID	The unique ID for the security rule for which the scanner found a violation.
Rule Reference ID	The reference ID for the security rule for which the scanner found a violation.
Severity	The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. This filter appears in the filters plane by default, with Critical, High, Medium, and Low selected.
Source Line	The source line associated with the finding.
Updated Time	The time and date when the asset record was last updated.
Version	The version associated with the finding.
VPC	The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide.

Host Audit Filters

Option	Description
Filters
Asset ID	The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management.
Asset Name	The name of the asset on which the scanner performed an audit check. This value is unique to Tenable Vulnerability Management.
Asset Tags	A unique filter that searches tag (category: value) pairs. When you type a tag value, you must use the category: value syntax, including the space after the colon (:). You can use commas (,) to separate values. If there is a comma in the tag name, insert a backslash (\) before the comma. You can add a maximum of 100 tags. For more information, see tags. Note: If your tag name includes double quotation marks (" "), you must use the UUID instead.
Audit File	The name of the audit file the scanner used to perform the audit scan.
Audit Name	The name Tenable assigned to the audit.
Control ID	The UUID of the control instance applied on the system that hosts the impacted asset. This value is unique to Tenable Vulnerability Management.
First Audited	The date on which a scan first audited the asset.
Last Audited	The date on which a scan last audited the asset.
Last Fixed	The date when the finding was last fixed.
Plugin Name	The name of the plugin that identified the audit finding.
Result	The outcome of the audit scan. Possible options are: Error Failed Info Passed Skip Unknown Warning This filter appears in the filters plane by default.
Severity	The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. This filter appears in the filters plane by default, with Critical, High, Medium, and Low selected.
State	The state of the vulnerability. Possible options are: Active Fixed Resurfaced This filter appears in the filters plane by default, with Active and Resurfaced selected.

Web Application Vulnerabilities Filters

Option	Description
Asset ID	The UUID of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management.
Asset Name	The name of the asset where the scanner detected the vulnerability. This value is unique to Tenable Vulnerability Management. This filter appears on the filter plane by default.
Bugtraq ID	The Bugtraq ID for the plugin that identified the vulnerability.
CPE	The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies. (200 value limit)
CVE	The Common Vulnerability and Exposure (CVE) IDs for the vulnerabilities that the plugin identifies. (200 value limit)
CVSSv2 Base Score	The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
CVSSv2 Vector	The raw CVSSv2 metrics for the vulnerability. For more information, see CVSSv2 documentation.
CVSSv3 Base Score	The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments).
CVSSv3 Vector	More CVSSv3 metrics for the vulnerability.
CWE	The Common Weakness Enumeration (CWE) for the vulnerability.
First Seen	The date when a scan first found the vulnerability on an asset.
Input Name	The name of the specific web application component that the vulnerability exploits.
Input Type	The web application component type (for example, form, cookie, header) that the vulnerability exploits.
IPv4 Address	The IPv4 address for the affected asset. You can add up to 100 IP addresses to this filter.
Last Fixed	The date when the finding was last fixed.
Last Seen	The date when a scan last observed the finding.
Original Severity	The vulnerability's CVSS-based severity when a scan first detected the finding. For more information, see CVSS vs. VPR.
OWASP 2010	The Open Web Application Security Project (OWASP) 2010 category for the vulnerability targeted by the plugin.
OWASP 2013	The Open Web Application Security Project (OWASP) 2013 category for the vulnerability targeted by the plugin.
OWASP 2017	The Open Web Application Security Project (OWASP) 2017 category for the vulnerability targeted by the plugin.
OWASP 2021	The Open Web Application Security Project (OWASP) 2021 category for the vulnerability targeted by the plugin.
OWASP API 2019	The Open Web Application Security Project (OWASP) 2019 category for the API vulnerability targeted by the plugin. Possible options are: API1:2019 Broken Object Level Authorization API2:2019 Broken User Authentication API3:2019 Excessive Data Exposure API4:2019 Lack of Resources & Rate Limiting API5:2019 Broken Function Level Authorization API6:2019 Mass Assignment API7:2019 Security Misconfiguration API8:2019 Injection API9:2019 Improper Assets Management API10:2019 Insufficient Logging & Monitoring
Plugin Description	The description of the Tenable plugin that identified the vulnerability.
Plugin Family	The family of the plugin that identified the vulnerability. (200 value limit)
Plugin ID	The ID of the plugin that identified the vulnerability. (200 value limit)
Plugin Modification Date	The date on which the plugin was last modified.
Plugin Name	The name of the plugin that identified the audit finding.
Plugin Published	The date on which the plugin that identified the vulnerability was published.
Risk Modified	The risk modification applied to the vulnerability's severity. Possible options are: Recast Accepted None For more information, see Recast/Accept Rules.
See Also	Links to external websites that contain helpful information about the vulnerability.
Severity	The CVSS score-based severity. For more information, see CVSS Scores vs. VPR in the Tenable Vulnerability Management User Guide. This filter appears in the filters plane by default, with Critical, High, Medium, and Low selected.
Solution	A brief summary of how you can remediate the vulnerability.
State	The state of the vulnerability detected in the finding. For more information, see Vulnerability States. This filter appears in the filters plane by default, with Active and Resurfaced selected.
Url	The complete URL on which the scanner detected the vulnerability. This filter appears in the filters plane by default.
WASC	The Web Application Security Consortium (WASC) category associated with the vulnerability targeted by the plugin.