Web Application Asset Details

On the Assets page, click a web application asset to open a details pane. Then, click to expand the pane.

The header of the Asset Details pane displays the asset name, Asset ID, and data source icons. Below these, cards show one or more of the following metrics. You may not see all cards for every asset.

Card Description
AES

(Requires Tenable One / Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000.

ACR

(Requires Tenable One / Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) is an integer from 1 to 10.

Web Application Properties Attributes detected for the web application, which may include exposure properties (for example, is_public), type properties (for example, has_valid_ssl), and capability properties (for example, supports_login).
Vulnerabilities The number of vulnerabilities identified on the asset.

The lower part of the Asset Details pane is divided into three tabs.

Details

The Details tab contains the following sections with information about the asset.

Section Description
Asset

Information about the asset, including:

  • Licensed — Indicates if the asset counts toward your Tenable license count.
  • Public — Specifies if the asset is on a public network.
  • IPv4 Addresses — The IPv4 addresses for the asset.
  • Sources — The data sources that identified the asset, for example Web Application.
Last Seen

Scan history for the asset, including:

  • Last Seen — The date and time of the most recent scan that identified the asset.
  • Last Licensed Scan — The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on how licenses work, see Tenable Vulnerability Management Licenses.
  • First Seen — The date and time when a scan first identified the asset.

Findings

The Findings tab displays all findings associated with the asset. The layout matches the Findings page. Fixed, Accepted, and Info findings are hidden by default.

Technologies

The Technologies tab displays technologies detected on the web application. Use the search bar to filter results. The tab contains the following columns.

Column Description
Name The name of the detected technology, for example Apache Tomcat.
CPE ID The Common Platform Enumeration (CPE) string identifying the technology.
Version The version of the technology, if detected.
Last Detected The date and time the technology was last detected on the asset.