Asset Filters
On the Assets page, in the upper area, use the Query Builder to build custom queries that display the assets you need to see. You can use up to 35 filters in a custom query.
The following table defines the filters you can use. Not all filters are relevant for all asset types.
| Filter | Description |
|---|---|
| Account ID | The unique identifier assigned to the account. |
| ACR |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) as an integer from 1 to 10. |
| ACR V3 (Beta) |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset-Criticality Rating using a new algorithm based on asset profile, which assigns assets to classes by business and device function. This metric rates the importance of an asset to your organization from 1 to 10, with higher numbers for more critical assets. For more information, see Scoring and Asset Criticality Rating. |
| ACR Severity |
(Requires Tenable One or Tenable Lumin license) The ACR category of the ACR calculated for the asset. |
| AES |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000. |
| AES V3 (Beta) |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score using a new algorithm. This metric weighs an asset's Vulnerability Priority Rating (VPR) and Asset Criticality Rating (ACR) and then assigns a number from 1 to 1000, with higher numbers for more exposed assets. For more information, see Scoring (Beta). |
| AES Severity |
(Requires Tenable One or Tenable Lumin license) The ACR category of the ACR calculated for the asset. |
| Agent Name | The name of the Tenable Nessus agent that scanned and identified the asset. |
| ASN | The Autonomous System Number (ASN) for the asset. |
| Assessed vs. Discovered |
Specifies if the system scanned the asset for vulnerabilities or only identified it on a discovery scan. Possible values are Assessed or Discovered Only. |
| Asset ID |
The asset's unique identifier. |
| AWS Availability Zone |
The name of the Availability Zone where AWS hosts the virtual machine instance. For more information, see Regions and Zones in the AWS documentation. |
| AWS EC2 AMI ID |
The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation. |
| AWS EC2 Instance ID |
The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation. |
| AWS EC2 Name |
The name of the virtual machine instance in Amazon EC2. |
| AWS EC2 Product Code |
The product code associated with the AMI used to launch the virtual machine instance in Amazon EC2. |
| AWS Instance State |
The state of the virtual machine instance in AWS at the time of the scan. For possible values, see InstanceState in the Amazon Elastic Compute Cloud Documentation. |
| AWS Instance Type |
The type of virtual machine instance in Amazon EC2. Amazon EC2 instance types dictate the specifications of the instance (for example, how much RAM it has). For a list of possible values, see Amazon EC2 Instance Types in the AWS documentation. |
| AWS Owner ID |
A UUID for the Amazon AWS account that created the virtual machine instance. This attribute only appears for Amazon EC2 instances. For more information, see View AWS Account Identifiers in the AWS documentation |
| AWS Region |
The region where AWS hosts the virtual machine instance, for example, us-east-1. |
| AWS Security Group |
The AWS security group (SG) associated with the Amazon EC2 instance. |
| AWS Subnet ID |
The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan. |
| AWS VPC ID |
The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud Documentation. |
| Azure Location | The location of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager documentation. |
| Azure Resource Group | The name of the resource group in the Azure Resource Manager. For more information, see the Azure Resource Manager documentation. |
| Azure Resource ID |
The unique identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager documentation. |
| Azure Resource Type | The resource type of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager documentation. |
| Azure Subscription ID | The unique subscription identifier of the resource in the Azure Resource Manager. For more information, see the Azure Resource Manager documentation. |
| Azure VM ID |
The unique identifier of the Microsoft Azure virtual machine instance. For more information, see the Azure Resource Manager documentation. |
| BIOS ID |
The NetBIOS name for the asset. |
| Cloud Provider |
The name of the cloud provider that hosts the asset. |
| Created Date | The date and time when Tenable Vulnerability Management created the asset record. |
| Custom Attribute |
A filter that searches for custom attributes via a category-value pair. For more information about custom attributes, see the Tenable Developer Portal. |
| Device Class |
The class of device, for example Compute and Application Server. Device Classes have Subclasses. |
| Device Subclass |
The subclass of the device, for example Business Intelligence Platform or KVM Switch. Device Subclasses fall under Classes. |
| DNS (FQDN) |
The fully-qualified domain name of the host that the vulnerability was detected on. |
| Domain | The domain to which the asset belongs. |
| First Seen |
The date and time when a scan first identified the asset. |
| Google Cloud Instance ID |
The unique identifier of the virtual machine instance in Google Cloud Platform (GCP). |
| Google Cloud Project ID |
The customized name of the project to which the virtual machine instance belongs in GCP. For more information, see Creating and Managing Projects in the GCP documentation. |
| Google Cloud Zone |
The zone where the virtual machine instance runs in GCP. For more information, see Regions and Zones in the GCP documentation. |
| Has Plugin Results |
Specifies whether the asset has plugin results associated with it. |
| Host Name (Domain Inventory) | The host name for assets found during attack surface management scans; only for use with Domain Inventory assets. |
| Hosting Provider | The hosting provider for the asset. |
| Installed Software |
A list of Common Platform Enumeration (CPE) values that represent applications identified on an asset from a scan. This field supports the CPE 2.2 format. For more information, see the Component Syntax section of the CPE Specification documentation. For assets identified in Tenable scans, this field only contains data when a scan using Tenable Nessus Plugin 45590 has evaluated the asset. |
| IPV4 Address |
The IPv4 address associated with the asset record. |
| IPV6 Address |
The IPv6 address associated with the asset record. |
| Is Attribute | Specifies whether the asset is an attribute. |
| Is Auto Scale | Specifies whether the asset scales automatically. |
| Is Unsupported | Specifies whether the asset is unsupported in Tenable Vulnerability Management. |
| Last Authenticated Scan |
The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field. |
| Last Licensed Scan |
The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on how licenses work, see Tenable Vulnerability Management Licenses. |
| Last Seen |
The date and time at which the asset was last observed as part of a scan. |
| Licensed |
Specifies whether the asset is included in the asset count for the Tenable Vulnerability Management instance. |
|
MAC Address |
A MAC address that a scan has associated with the asset record. |
| Mitigated | Specifies whether a scan has identified mitigation software on the asset. |
| Mitigation Last Detection | The date and time of the scan that last identified mitigation software on the asset. |
| Mitigation Product Name | The name of the mitigation software identified on the asset. Tenable Lumin defines mitigations as security agent software running on endpoint assets, which include antivirus software, Endpoint Protection Platforms (EPPs), or Endpoint Detection and Response (EDR) solutions. |
| Mitigation Vendor Name | The name of the vendor for the mitigation that a scan identified on the asset. |
| Mitigation Version | The version of the mitigation that a scan identified on the asset. |
| Name |
The asset identifier, assigned based on the availability of the following attributes in order: Agent name, NetBIOS name, Local hostname, Fully Qualified Domain Name (FQDN), IPv4 address, and IPv6 address. |
| NetBIOS Name |
The NetBIOS name for the asset. |
| Network | The name of the network object associated with scanners that identified the asset. The default name is Default. For more information, see Networks. |
| Operating System |
The operating system that a scan identified as installed on the asset. |
| Operating System (WAS) | The operating system that a Tenable Web App Scanning scan identified as installed on the asset. |
| OS Category | The operating system category that a scan detected as installed on the asset, for example MacOS. |
| Port |
Search your hosts or domain inventory by port values or ranges for assets with a relationship to that port. For example, assets with port 80. If you import data from Tenable Attack Surface Management, those ports also appear. |
| Port Last Detected Open | Filter for all assets that had detected open ports as of a date or a date range you specify. For the best results, combine with the Ports filter. |
| Public |
Specifies whether the asset is available on a public network. A public asset is within the public IP space and identified by the is_public attribute in the Tenable Vulnerability Management query namespace. |
| Record Type | The asset type. |
| Scan Frequency |
The number of times the asset was scanned within the past 90 days. |
| ServiceNow Sys ID |
Where applicable, the unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation. |
| Source |
The source of the scan that identified the asset. Possible values include AWS, AWS FA, Azure, AZURE FA, Cloud Connector, Cloud IAC, Cloud Runtime, GCP, Nessus Agent, Nessus Scan, NNM, ServiceNow, and WAS. |
| SSL/TLS | Specifies whether the application on which the asset is hosted uses SSL/TLS public-key encryption. |
| System Type |
The system types as reported by Plugin ID 54615. For more information, see Tenable Plugins. |
| Tags |
Asset tags, entered in pairs of category and value (for example Network: Headquarters). This includes the space after the colon (:). If there is a comma in the tag name, insert a backslash (\) before the comma. If your tag name includes double quotation marks (" "), use the UUID instead. You can add a maximum of 100 tags. For more information, see Tags. |
| Target Groups |
The target group to which the asset belongs. This attribute is empty if the asset does not belong to a target group. For more information, see Target Groups. |
| Tenable ID |
The UUID of the asset in Tenable Vulnerability Management. |
| Tenable.sc Host ID | The unique ID of an asset which was imported from Tenable Security Center. |
| Type |
The system type on which the asset is managed. Possible options are Cloud Resource, Container, Host, and Cloud. |
| Updated Date | The last date when new information about an asset was added to the system. |