Host Audit Filters

In the query builder on the Host Audits page, use filters to refine the list of host audit findings. Choosing a filter from the left navigation tree does not remove your current query builder filters.

Filter Description
Asset ID

The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management.

Asset Name

The name of the asset where the audit check ran. A unique identifier that Tenable assigns based on the availability of the following attributes: Agent Name, Local hostname, NetBIOS Name, DNS (FQDN) (Fully Qualified Domain Name), IPv4 Address, and IPv6 Address.

Audit File The name of the audit file the scanner used to perform the audit. Audit files are XML-based text files that contain the specific configuration, file permission, and access control tests the scanner performs.
Audit Name The name Tenable assigned to the audit. In some cases, the compliance control may appear as the prefix within the name.
Benchmark Benchmarks are best practices that source authorities such as Center for Internet Security (CIS), United States Defense Information Systems Agency (DISA), and Microsoft publish. This filter provides a list of the supported benchmarks and the version of the benchmark.
Benchmark Specification Name The benchmark name.
Benchmark Version The benchmark version. Use this filter with the Benchmark filter.
Compliance Control There are a series of designations within the compliance frameworks that Tenable calls controls. For example: CSF:DE.CM-3, 800-53:AU-12c, STIG-ID:WN10-AU-000045, and so on. This is a text-based field to filter on the specific control(s). Use this filter with the Compliance Framework filter.
Compliance Family Name There are a series of designations within compliance frameworks that Tenable calls controls. For example: ISO/IEC-27001:A.12.4.1, or CSF:DE.CM-1. This filter groups the controls into families for easier and more efficient queries. For example: A12 - Operations security or CSF:Detect. Use this filter with the Compliance Framework filter.
Compliance Framework Tenable audits configuration compliance with a variety of standards including GDPR, ISO 27000, HIPAA, NIST 800-53, PCI DSS, and so on. This allows filtering based on the respective framework.
Control ID

An ID for correlating results with other results that meet a certain benchmark recommendation. You can use this filter to identify checks in the audit portal.

Finding ID

The unique Tenable ID for the finding. To view the ID for a finding, click its details and check the page URL in your browser's address bar for an alphanumeric string between details and asset.

First Audited Identifies the first date the scanner performed the audit check on the asset.
FQDNs The fully qualified domain names (FQDNs) for the asset.
IPv4 Address The IPv4 address for the affected asset. You can add up to 100 IP addresses to this filter.
IPv6 Address The IPv6 address for the affected asset.
Last Audited Identifies the date of the most recent audit check the scanner performed on the asset.
Last Fixed

The last time a previously detected vulnerability was scanned and noted as no longer present on an asset.

Operating System The operating system(s) installed on the asset.
Original Result The result from the initial audit.
Plugin ID

Filter on the ID of the plugin that identified the vulnerability.

(200 value limit)

Plugin Name

The name of the plugin that identified the vulnerability.

Result The current or modified result from the audit check.
Result Modified You can create rules to accept or modify the results of an audit check. This filter allows you to report modified results.
Tags

The Tags filter allows for multiple tag selection and uses two separate search behaviors. When you select the tags filter in the Query Builders followed by an operator (is equal to or is not equal to), a second tags filter pane appears.

  • Query Builder Filter — If you begin typing a partial tag name (for example, prod) in the main query builder text box, the tags filter pane shows the tag list with all matching options. You can select one or more of these tags.

  • Tag Filter Override — To search for a different tag name without modifying your initial query token (for example, if you want tags with a "PCI" token, but still have prod in the query builder), you can type the new text (for example, PCI) into the search field under All Tags in the tags filter pane. This input overrides the token from the query builder, displaying only tags matching the internal search (PCI). This temporary internal filter is for tag selection only and allows you to select additional tags before applying the complete filter to your findings.

  • Text Tab - Click the Text tab to the right of All Tags. A text box appears. Input a list of comma-separated or newline delimited tags. Matching tags are selected in All Tags. Toggle Show Selected to show only matching tags in All Tags.

Note: Tag filters can only be applied to rules created via the Findings page or the Quick Actions menu. These rules are view-only within the Recast section of the user interface.

You can add a maximum of 100 tags in this filter query.

For more information on tagging, see Tags. For more information on creating tags, see Manage Tags.