View Scan Details

Required Scan Permissions: Can View

You can view scan results for scans you own and scans that were shared with you.

Consider the following when viewing scan results:

  • You can view details for an individual scan based on the permissions configured for the scan. However, when you view aggregated scan results in dashboards and other analysis views (for example, the Vulnerabilities or Assets tables), your access is based on the access groups you belong to.

  • Tenable Vulnerability Management defines Archived as any individual scan results that are older than 35 days. For scan results that are younger than 35 days, you can view and export the results in Tenable Vulnerability Management. For archived scan results, you can export the results, but cannot view them in Tenable Vulnerability Management. This limitation applies to both imported scan results and scan results that Tenable Vulnerability Management collects directly from scanners. After 15 months, Tenable Vulnerability Management removes the scan data entirely.

  • When you view results from the latest run of the scan, Tenable Vulnerability Management categorizes the scan as Read. The Read status is specific to your user account only. You can also manually change the read status.

  • Tenable Vulnerability Management retains scan data for 15 months. If you want to store scan data for longer than 15 months, you can export the scan data for storage outside of Tenable Vulnerability Management.

  • You can view a maximum of 5,000 rows at a time in the Vulns by Asset table.

To view scan details for an individual scan:

  1. In the left navigation, click Scans.

    The Scans page appears.

  2. Below Scans, choose to view Vulnerability Management Scans or Web Application Scans.

  3. In the Folders section, click a folder to load the scans you want to view.

    The scans table updates to display the scans in the folder you selected.

  4. In the scan table, click the scan where you want to view details.

    The scan details plane appears below the scan table. By default, this plane shows details for the latest run of the scan.

  5. Do any of the following:
    SectionAction
    Scan Actions menu
    • Launch a scan.
    • Edit a scan configuration.
    • Export scan results.
    • Move a scan to a different folder.
    • Change the read status for a scan.
    • Delete a scan permanently.
    • Copy a scan.
    • Move a scan to the trash.
    See All Details button

    Click the See All Details button to open the Scan Details page and view the scan's vulnerabilities and affected assets, target information, and scan history. You can also use the Scan Details page to export the scan, edit the scan configuration, move the scan to the trash folder, and submit the scan for PCI validation.

    The scan details page includes the following features and information:

    • (Rollover scans only) Download a list of a rollover scan's remaining targets.

    • Export the currently visible scan results.

    • Edit the scan configuration.

    • Move a scan to the trash folder.

    The number of vulnerabilities with a Critical, High, Medium, and Low severity in the scan results.

    View details about the scan run:

    • Status — The status of the scan.
    • Start Time — The start date and time for the scan.
    • Template — The Tenable-provided template on which the scan configuration is based.
    • Scanner — The scanner that performed the scan.
    • Scanner Groups — The scanner group or groups to which Tenable Vulnerability Management assigned the scan. This detail appears only if scan routing is enabled for the scan.
    • Targets — The targets that the scan evaluated.

    View the vulnerabilities in the scan results, organized by plugin.

    Note: This tab does not appear for scan results older than 35 days.

    • View information about each vulnerability:
      • Severity icon — The severity of the vulnerability.
      • Name — The name of the plugin that identified the vulnerability.
      • Family — The family of the plugin that identified the vulnerability.

      • Instances — The number of vulnerability instances.

        Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

    • To filter the data displayed in the table, see Filter a Table.
    • To sort, increase or decrease the number of rows per page, or navigate to another page of the table, see Tenable Vulnerability Management Tables.

    • To view details for a vulnerability, click a row of the table.

      The Vulnerability Details page appears. For more information, see Vulnerability Details.

    View compliance audit check results. This tab only appears if the scan results include data from compliance audit checks.

    Tip: This tab does not appear for scan results older than 35 days.

    On this tab, you can view:

    • View tiles representing the number of audit checks identified the last time the scan was completed organized by severity level.
    • View a table of audits detected during the scan. Each row represents a specific audit, and includes the following information:
      • Status — The status of the audit, for example Passed, Warning, or Failed.
      • Name — The name of the compliance check.
      • Family — The compliance check family to which the audit belongs.
      • Count — The number of times the audit was identified.

    • To view additional information about a specific audit check, click a row in the audits table.

      The Audit Details page appears.

      • Overview — Information about the audit check, including a description of the check and the audit file used for the check.
      • Assets — A list of assets where the scan performed the audit check.

    (Rule-based scans only) Shows the scan's description, triggers, an explanation of rule-based scanning, and a link to the vulnerabilities workbench.

    View the vulnerabilities in the scan results, organized by asset. By default, assets in the table are sorted by decreasing number of vulnerabilities, then by decreasing severity.

    Tip: This tab does not appear for scan results older than 35 days.

    • View information about each vulnerability:
      • Assets — The asset identifier. Tenable Vulnerability Management assigns this identifier based on the presence of certain asset attributes in the following order:
        • Agent Name (if agent-scanned)

        • NetBIOS Name

        • FQDN

        • IPv4 address

        For example, if scans identify a NetBIOS name and an IPv4 address for an asset, the NetBIOS name appears as the Asset Name.

      • Vulnerabilities — A visual summary of the vulnerabilities on the asset, organized by severity.

      • Vuln Count — The total number of vulnerabilities on the asset.
      • Critical — The total number of vulnerabilities on the asset with a critical severity.
      • High — The total number of vulnerabilities on the asset with a high severity.
      • Audits — A visual summary of the audits on the vulnerability, organized by severity.
      • Audit Count — The total number of audits on the asset.
    • To filter the data displayed in the table, see Filter a Table.
    • To sort, increase or decrease the number of rows per page, or navigate to another page of the table, see Tenable Vulnerability Management Tables.

    • To view details for an asset, click a row of the table.

      The Asset Details page appears. For more information, see View Legacy Workbench Asset Details.

    View warnings about problems Tenable Vulnerability Management or the scanner encountered while running the scan. This tab only appears if Tenable Vulnerability Management or the scanner encountered an issue while running the scan. This tab does not appear for scan results older than 35 days.

    Review the warnings to determine how to resolve the scan problem. For example, if an Invalid Target note is present, check the target parameters in the scan configuration.

    Tip: In the scan warnings table header, click Download All Warnings to download a JSON file of all the scan result's warnings. The button is not shown if the scan was archived.

    View remediation details.

    Note: The Remediation tab only appears if there are known remediations for the scan.

    This tab contains a table listing each remediation action. On this tab, you can view:

    • Vulnerabilities — The number of vulnerabilities resolved by the recommended remediation.

    • Assets — The number of assets scanned.

    View the scan history.

    This tab contains a table listing each time the scan has run. For the scan run currently displaying in the Scan Details page, Tenable Vulnerability Management adds the label Current to the run. By default, the latest scan run is labeled Current.

    Note: Scan history is unavailable for imported scans, configured scans that have not yet run, and triggered scans.

    Note: For triggered scan histories, Tenable Vulnerability Management shows a scan history entry for each 12-hour window of the past 7 days. Tenable Vulnerability Management only retains up to 15 triggered scan histories at a time for each scan.

    On this tab, you can:

    • View summary information about each time the scan was run:
      • Start Time — The start date and time for the scan.
      • End Time — The end date and time for the scan.
      • Duration — The duration of the scan .
      • Status — The status of the scan.
    • Filter the data displayed in the table.
    • Sort, increase or decrease the number of rows per page, or navigate to another page of the table. For more information, see Tenable Vulnerability Management Tables.

    • View details for a historical scan by clicking a row in the table.

      Tenable Vulnerability Management marks the run you selected as Current and updates the Scan Details section to show data for the selected run.

      If the historical scan results are younger than 35 days, Tenable Vulnerability Management also updates the tabs on the Scan Details page.

      If the historical scan results are older than 35 days, the additional tabs are absent from the Scan Details page. Use export instead to obtain the results.

    Activity section

    A history of the scan's activity.

    In this section, you can view the date and time when the scan Started, Completed, and when it was Modified, Canceled, or manually Aborted.

    Vulnerabilities by Severity/VPR Breakdown sectionThe number of vulnerabilities with a Critical, High, Medium, and Low severity in the scan results.
    Scan Duration sectionThe amount of time elapsed between the start and end of the scan.
    Targets sectionThe number of targets scanned.
    Type sectionThe scan type.
    Template section

    The scan template used.

    Schedule sectionThe scan schedule.