External Attack Surface Findings Details
The Details and Asset Summary tabs in the finding details pane display fields specific to each External Attack Surface subtype: HTTP Metadata, SSL/TLS, and Whois. Only populated fields appear in the details pane.
HTTP Metadata
HTTP Metadata findings contain web application metadata collected from Attack Surface Management (ASM) scans, including response codes, server information, and page content analysis.
Details Tab
The Details tab shows two sections for HTTP Metadata findings.
HTTP Metadata section
| Field | Description |
|---|---|
| Content Length | Size of the HTTP response body, in bytes. |
| Password Fields Count | Number of password input fields detected on the page. |
| HTTP Content Type | MIME type of the HTTP response content (for example, text/html). |
| Response Code | Initial HTTP response code returned by the server. |
| HTTP Server | Server software identified in the HTTP response header. |
| Sets Cookies | Indicates whether the server sets cookies in the response. |
| Vary | Value of the HTTP Vary response header, indicating which request headers affect caching. |
| Final URL | Final URL reached after following all redirects. |
| Final Response Code | HTTP response code returned at the final URL. |
| Redirect Chain | Sequence of URLs traversed in the redirect chain, if any. |
| Screenshot | Screenshot of the web page captured during the ASM scan. |
HTTP Headers section
The HTTP Headers section displays the raw HTTP response headers returned by the server as key-value pairs (for example, Content-Type, Server, Etag, Last-Modified).
Asset Summary Tab
| Section or Field | Description |
|---|---|
| Asset — Asset Name | Name of the asset associated with this finding. |
| Asset — Asset ID | Unique identifier for the asset. |
| Asset — Type | Asset type (for example, Web Application). |
| Asset — Sources | Discovery sources for the asset (for example, External Asset, Web Application). |
| Asset — IPv4 Addresses | IPv4 addresses associated with the asset. |
| Asset — Public | Indicates whether the asset is publicly accessible. |
| Asset — SSL/TLS | Indicates whether the asset supports SSL/TLS. |
| Asset — Has Agent | Indicates whether the asset has a deployed Tenable Agent. |
| Asset — Licensed | Indicates whether Tenable Vulnerability Management licenses the asset. |
| Asset — Deleted | Indicates the deletion status of the asset. |
| Asset — Created Date | Date and time Tenable Vulnerability Management created the asset. |
| Asset — Updated Date | Date and time the system last updated the asset record. |
| Last Seen — Last Seen by ASM | Date Attack Surface Management last detected the asset. |
| Tags | Tags applied to the asset. |
SSL/TLS
SSL/TLS findings contain certificate details collected from Attack Surface Management (ASM) scans, including issuer information, validity dates, and supported protocols.
Details Tab
The Details tab shows one section for SSL/TLS findings.
SSL/TLS section
| Field | Description |
|---|---|
| SSL/TLS Valid From | Date the SSL/TLS certificate became valid. |
| SSL/TLS Expiration | Date the SSL/TLS certificate expires. |
| SSL/TLS Issuer Common Name | Common name (CN) of the certificate issuer. |
| SSL/TLS Issuer Organization | Organization (O) of the certificate issuer. |
| SSL/TLS Issuer Country/Region | Country or region (C) of the certificate issuer. |
| SSL/TLS Serial Number | Serial number of the SSL/TLS certificate. |
| SSL/TLS Fingerprint | Cryptographic fingerprint of the certificate. |
| SSL/TLS Key Length | Length of the certificate's encryption key, in bits. |
| SSL/TLS Protocol | SSL/TLS protocol versions supported by the server. |
| SSL/TLS Cipher Suites | Cipher suites supported by the server. |
Asset Summary Tab
The Asset Summary tab for SSL/TLS findings shows the same Asset and Tags sections as HTTP Metadata findings. The Last Seen section includes additional fields:
| Section or Field | Description |
|---|---|
| Last Seen — Last Seen by ASM | Date Attack Surface Management last detected the asset. |
| Last Seen — First Seen by VM | Date and time Tenable Vulnerability Management first became aware of the asset. This may reflect a VM scan, ASM discovery import, or another source. |
| Last Seen — Last Seen by VM | Date and time Tenable Vulnerability Management most recently observed the asset. Updated by VM scans when available; otherwise reflects the most recent import. |
Whois
Whois findings contain domain registration details collected from WHOIS records, including registrar, registrant contact information, and domain name expiration.
Details Tab
The Details tab shows one section for Whois findings. Only populated fields appear.
Whois section
| Field | Description |
|---|---|
| Registrar Name | Name of the domain registrar. |
| WHOIS Status | Current domain status from the WHOIS record (for example, clientTransferProhibited). |
| Domain Name Expiration | Date the domain registration expires. |
| Contact Email | General contact email from the WHOIS record. |
| Registrant Name | Name of the domain registrant. |
| Registrant Organization | Organization of the domain registrant. |
| Registrant Email | Email address of the domain registrant. |
| Registrant Telephone | Phone number of the domain registrant. |
| Registrant Fax | Fax number of the domain registrant. |
| Registrant Street 1–4 | Street address lines for the domain registrant. |
| Registrant City | City of the domain registrant. |
| Registrant State | State or province of the domain registrant. |
| Registrant Postal Code | Postal code of the domain registrant. |
| Registrant Country/Region | Country or region of the domain registrant. |
| Administrative Contact Name | Name of the administrative contact for the domain. |
| Administrative Contact Organization | Organization of the administrative contact. |
| Administrative Contact Email | Email address of the administrative contact. |
| Administrative Contact Telephone | Phone number of the administrative contact. |
| Billing Contact Email | Email address of the billing contact for the domain. |
| Technical Contact Name | Name of the technical contact for the domain. |
| Technical Contact Organization | Organization of the technical contact. |
| Technical Contact Email | Email address of the technical contact. |
| Zone Contact Email | Email address of the DNS zone contact. |
Asset Summary Tab
The Asset Summary tab for Whois findings shows the same Asset, Last Seen (Last Seen by ASM only), and Tags sections as HTTP Metadata findings. See HTTP Metadata for field descriptions.