Findings Columns
On the Findings tab in Explore, you can view the findings in your environment broken down into categories including vulnerabilities, the results of host audits, and web application findings.
The Findings tab has the following columns, which you can show or hide as described in Use Tables. When displaying columns or exporting values for a finding, the available column names vary by finding type. This table clarifies the columns you can display or export for each respective finding type.
| Column | Finding Type(s) | Description |
|---|---|---|
| Account ID | Vulnerabilities |
The unique identifier assigned to the asset resource in the cloud service that hosts the asset. |
| ACR | Vulnerabilities |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) as an integer from 1 to 10. |
| AES | Vulnerabilities |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000. |
| AI/LLM Tools | Vulnerabilities, Web Application Findings |
Indicates an informational finding about artificial intelligence services running on an asset. Hover on the AI/LLM Tools column to view details. |
| Asset ID | All |
The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management. |
| Asset Name | All |
The name of the asset. This value is unique to Tenable Vulnerability Management. |
| Audit File | Host Audits |
The name of the audit file the scanner used to perform the compliance check. |
| Audit Name | Host Audits |
The name of the compliance check the scanner performed on the affected asset. |
| Control ID | Host Audits |
An ID for correlating results with other results that meet a certain benchmark recommendation. You can use this filter to identify checks in the audit portal. |
| CVSSv2 Base Score | Vulnerabilities, Web Application Findings |
The CVSSv2 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting. |
| CVSSv3 Base Score | Vulnerabilities, Web Application Findings |
The CVSSv3 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). Tenable Vulnerability Management shows the CVSSv2 or CVSSv3 column depending on the Vulnerability Severity Metric setting. |
| CVSSv4 Base Score | Vulnerabilities, Web Application Findings |
The CVSSv4 base score (intrinsic and fundamental characteristics of a vulnerability that are constant over time and user environments). To learn more, see the CVSSv4 specification. |
| Description | All | If present, a description of the vulnerability corresponding to the finding. |
| EPSS | Vulnerabilities | EPSS Score. The percentage likelihood that a vulnerability will be exploited in the wild. |
| Finding ID | Host Audits, Web Application Findings | A unique identifier for a security issue. Each security issue identified by Tenable One is assigned a unique Finding ID. This ID helps to track and manage individual findings throughout their lifecycle. |
| Fix | Vulnerabilities | The fix available for the detected vulnerability. |
| Fix Type | Vulnerabilities | The type of fix, for example, version. |
| First Seen | Vulnerabilities, Web Application Findings |
The date when a scan first found the vulnerability on an asset. |
| IPv4 Address | Vulnerabilities, Web Application Findings |
The IPv4 address for the affected asset. |
| IPv6 Address | Vulnerabilities |
The IPv6 address for the affected asset. |
| Last Audited | Host Audits | Date of the most recent compliance check that was performed on the asset. |
| Last Authenticated Scan | Vulnerabilities | The time and date that a credentialed scan was last performed on the asset. |
| Last Fixed | Vulnerabilities |
The last time a previously detected vulnerability was scanned and noted as no longer present on an asset. |
| Last Scan Target | Vulnerabilities | The IP address or fully qualified domain name (FQDN) of the asset targeted in the last scan. |
| Last Seen | Vulnerabilities, Web Application Findings |
The date when a scan last found the vulnerability on an asset. |
| Live Result | Vulnerabilities |
Indicates whether the scan result is based on live results. In Agentless Assessment, you can use live results to view scan results for new plugins based on the most recently collected snapshot data, without running a new scan. The possible values are Yes or No. |
| Operating System | Host Audits | The result from the initial audit. |
| Operating Systems | Vulnerabilities, Web Application Findings | The result from the initial audit. |
| Original Result | Host Audits | The result from the initial audit. |
| Path | Vulnerabilities | The complete installation path of the software where a vulnerability was detected. |
| Plugin Family | Vulnerabilities, Web Application Findings |
The family of the plugin that identified the vulnerability. |
| Plugin ID | Vulnerabilities, Web Application Findings |
The ID of the plugin that identified the vulnerability. |
| Plugin Name | All |
The name of the plugin that identified the vulnerability. Hover on the |
| Port | Vulnerabilities |
The port that the scanner used to connect to the asset where the scan detected the vulnerability. |
| Product | Vulnerabilities | The name of the product on which the vulnerability was detected. |
| Product Type | Vulnerabilities | The type of product, for example, Application. |
| Protocol | Vulnerabilities |
The protocol the scanner used to communicate with the asset where the scan detected the vulnerability. |
| Region | Vulnerabilities |
The cloud region where the asset runs. |
| Result | Host Audits | The current or modified result from the audit check. |
| Result Modified Reason | Host Audits | Explanation for why the result of a compliance check was modified. |
| Result Modified Expires | Host Audits | Date the modified compliance check result will expire. |
| Resurfaced Date | Vulnerabilities, Web Application Findings |
The most recent date that a scan detected a Resurfaced vulnerability which was previously Fixed. If a vulnerability is Resurfaced multiple times, only the most recent date appears. |
| Scan Origin | Vulnerabilities |
The scanner that detected the finding. Also identifies if the scan is a work-load scan. Possible values for this column are: Tenable Vulnerability Management, Tenable Security Center, and Agentless Assessment. |
| Severity | Vulnerabilities, Web Application Findings |
The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. |
| State | Vulnerabilities, Web Application Findings |
The state of the vulnerability. For more information, see Vulnerability States. |
| Tags | All |
Asset tags, entered in pairs of category and value (for example Network: Headquarters). This includes the space after the colon (:). If there is a comma in the tag name, insert a backslash (\) before the comma. If your tag name includes double quotation marks (" "), use the UUID instead. You can add a maximum of 100 tags. For more information, see Tags. |
| Time Taken to Fix | Vulnerabilities |
How long it took your organization to fix a vulnerability identified on a scan in days. Only appears for Fixed vulnerabilities. Use this filter along with the State filter set to Fixed for more accurate results. When exported, this field is shown in milliseconds. |
| Vendor | Vulnerabilities | The vendor who makes the product on which the vulnerability was identified, for example, Apache. |
| Vendor Severity | Vulnerabilities | The severity of a vulnerability as assigned by a CVE Numbering Authority (CNA). Unlike a National Vulnerability Database (NVD) score, which reflects the worst-case scenario, this rating accounts for mitigations. |
| Version | Vulnerabilities | The version of the product on which the vulnerability was identified. |
| VPR | Vulnerabilities, Web Application Findings |
A descriptive icon indicating the VPR of the vulnerability. For more information, see CVSS vs. VPR. |
| VPR (Beta) | Vulnerabilities, Web Application Findings |
A descriptive icon indicating the VPR (Beta) of the vulnerability. For more information, see CVSS vs. VPR. |
| Vuln SLA Date | Vulnerabilities, Web Application Findings | The date that the finding was last activated. It equals either the First Seen date when the finding is new or active or the Resurfaced Date if the finding is resurfaced. |
icon to view a detailed summary that includes metrics and plugin output.