Generate Findings Reports

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Apply filters on the Findings page to define a specific subset of vulnerabilities for your report. You can generate these reports on-demand or schedule them for recurring email delivery to ensure your teams receive consistent, up-to-date data for risk prioritization.

Note: Report generation limits vary depending on whether you use Static or Dynamic selection (see Scheduling Behavior below). Additionally, Tenable Vulnerability Management limits concurrent report execution to 50 reports at any given time.

To generate a report:

  1. In the left navigation, click Explore > Findings

    The Findings page appears.

  2. (Optional) Using filters, refine the list of findings.

  3. Select the findings to report on.

    Above the list of findings, the action bar appears.

  4. In the action bar, click Generate Report.

    In the dialog that appears, set the following options.

    Option Description

    File Name

    		(Optional) Type a name for the report.
    Template

    Select a report template. Choose from the following templates:

    • Host Findings Executive Summary Report — Summarizes severity levels for the vulnerabilities you are reporting on, as well as the criticality, last scan time, and port count of the associated assets.

    • Host Findings Vulnerability Details by Plugin — Details the vulnerabilities you are reporting on by plugin.

    • Host Findings Vulnerability Details by Asset — Details associated assets for the vulnerabilities you are reporting on.

    Schedule

    Turn on the Schedule toggle to schedule the report:

    1. In the Start Date section, select the date when the report will run.
    2. In the Start Time drop-down, select the time when the report will run.
    3. In the Time Zone drop-down, select a time zone.
    4. In the Frequency drop-down, select the cadence on which you want the report to repeat (for example, daily).
    5. In the Repeat Every drop-down, select the number of days you want the report to repeat (for example, 5 Days).
    6. In the Repeat Ends drop-down, select On or Never. If you select On, choose the End Date when the report will stop running. If you select Never, the report runs until you modify or delete it.
    Add Recipients

    (Optional) Type the emails where you want Tenable Vulnerability Management to send the finished report.
    Password Protection (Optional) Enable this toggle to password-protect your report with AES 128-bit encryption. In the Encryption Password field, type a password to provide to the recipients.

  5. Click Schedule Report.

    A confirmation message appears and the system builds the report. Click the link in the message to view the report. Or, go to the Reports > Report Results page.

Scheduling Behavior

There are two report generation strategies:

  • Select static findings

    When you select individual findings for report generation, you create a static snapshot of your data. This is useful for reporting on a fixed set of findings, for example, ones explicitly identified for a specific audit.

    Note: Selecting individual findings is not linked to your filters. If you filtered for Critical vulnerabilities and then selected three of them individually, the next scheduled report will contain those same three items, even if 20 new Critical vulnerabilities are discovered in the interim.

    Note: Static finding selection is limited to 200 findings for report generation.

  • Dynamic findings selection

    Use Select all [number] [findings_type] to generate a dynamic report. When the report runs on its scheduled date, it re-evaluates all findings against the filters you configured (for example, vpr is greater than 8 AND Severity is equal to Critical).

    Note: Use this with recurring reporting (for example, 7 days, 30 days) for an up-to-date list of findings that match your defined criteria. New findings that meet the criteria will be included; remediated findings that no longer meet the criteria will be excluded.

    Note: When using dynamic findings selection with Select all [number] [findings_type], there is a limit of 10,000 findings for report generation.

The following table summarizes this information:

Select Findings Report Scope Findings Included Limits
Individual Findings Static Scope Includes only the specific findings selected when the schedule was first configured. New findings discovered later, even if they match the initial filters, are not included. 200 findings
Select All Vulnerabilities Dynamic Scope Includes all findings that match the report’s filters at the time the scheduled report is generated. New findings are included automatically. 10,000 findings