Generate Findings Reports

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

This feature allows you to apply filters on the Findings page to define and export a subset of vulnerability data. You can generate these customized reports immediately, or schedule them for recurring delivery and email distribution to relevant teams for ongoing risk management and prioritization.

Note: You can only generate reports for vulnerabilities Findings Types. These reports must contain less than 10,000 findings. Additionally, you cannot run more than 50 reports at once.

To generate a report:

  1. In the left navigation, click Explore > Findings

    The Findings page appears.

  2. (Optional) Using filters, refine the list of findings.

  3. Select the findings to report on.

    Above the list of findings, the action bar appears.

  4. In the action bar, click Generate Report.

    In the dialog that appears, set the following options.

    Option Description

    File Name

    		(Optional) Type a name for the report.
    Template

    Select a report template. Choose from the following templates:

    • Host Findings Executive Summary Report — Summarizes severity levels for the vulnerabilities you are reporting on, as well as the criticality, last scan time, and port count of the associated assets.

    • Host Findings Vulnerability Details by Plugin — Details the vulnerabilities you are reporting on by plugin.

    • Host Findings Vulnerability Details by Asset — Details associated assets for the vulnerabilities you are reporting on.

    Schedule

    Turn on the Schedule toggle to schedule the report:

    1. In the Start Date section, select the date when the report will run.
    2. In the Start Time drop-down, select the time when the report will run.
    3. In the Time Zone drop-down, select a time zone.
    4. In the Frequency drop-down, select the cadence on which you want the report to repeat (for example, daily).
    5. In the Repeat Every drop-down, select the number of days you want the report to repeat (for example, 5 Days).
    6. In the Repeat Ends drop-down, select On or Never. If you select On, choose the End Date when the report will stop running. If you select Never, the report runs until you modify or delete it.
    Add Recipients

    (Optional) Type the emails where you want Tenable Vulnerability Management to send the finished report.
    Password Protection (Optional) Enable this toggle to password-protect your report with AES 128-bit encryption. In the Encryption Password field, type a password to provide to the recipients.

  5. Click Schedule Report.

    A confirmation message appears and the system builds the report. Click the link in the message to view the report. Or, go to the Reports > Report Results page.

Scheduling Behavior

There are two report generation strategies:

  • Select static findings

    When you select individual findings for report generation, you create a static snapshot of your data. This is useful for reporting on a fixed set of findings, for example, ones explicitly identified for a specific audit.

    Note: Selecting individual findings is not linked to your filters. If you filtered for Critical vulnerabilities and then selected three of them individually, the next scheduled report will contain those same three items, even if 20 new Critical vulnerabilities are discovered in the interim.

  • Dynamic findings selection

    Use Select all vulnerabilities to generate a dynamic report. When the report runs on its scheduled date, it re-evaluates all findings against the filters you configured (for example, vpr is greater than 8 AND Severity is equal to Critical).

    Note: Use this with recurring reporting (for example, 7 days, 30 days) for an up-to-date list of findings that match your defined criteria. New findings that meet the criteria will be included; remediated findings that no longer meet the criteria will be excluded.

The following table summarizes this information:

Select Findings Report Scope Findings Included
Individual Findings Static Scope Includes only the specific findings selected when the schedule was first configured. New findings discovered later, even if they match the initial filters, are not included.
Select All Vulnerabilities Dynamic Scope Includes all findings that match the report’s filters at the time the scheduled report is generated. New findings are included automatically.