General Settings

By default, Tenable Vulnerability Management uses CVSSv2 scores to calculate severity for individual vulnerability instances. If you want Tenable Vulnerability Management to calculate the severity of vulnerabilities using CVSSv3 scores (when available), you can configure your severity metric setting.

Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

For information about severity and the ranges for CVSSv2 and CVSSv3, see CVSS vs. VPR.

Caution: When changing your CVSS severity metric setting, the new setting is only reflected in new findings that come into your system. Any existing findings only reflect the previous severity setting (unless otherwise recasted). For more information on recast rules, see Recast/Accept Rules.

To configure your severity setting:

1. On the Severity tab, select the metric that you want Tenable Vulnerability Management to use for severity calculations.

   • CVSSv2 — Use CVSSv2 scores for all severity calculations.

   • CVSSv3 — Use CVSSv3 scores, when available, for all severity calculations. Use CVSSv2 only if a CVSSv3 score is not available.

2. Click Save.

3. The system saves your change and begins calculating severity based on your selection.

   All vulnerabilities seen before the change retain their severity. After the change, all vulnerabilities seen during scans receive severities based on your new selection. Because of this, you could see two sightings of the same vulnerability have two different CVSS scores and severities.

   Tip: A vulnerability instance is a single instance of a vulnerability appearing on an asset, identified uniquely by plugin ID, port, and protocol.

You can configure Service Level Agreement (SLA) settings to modify how Tenable calculates your SLA data.

You can view this data in the SLA Progress: Vulnerability Age widget on the Vulnerability Management Overview dashboard. For more information, see Vulnerability Management Overview.

To configure your SLA settings:

1. Click the Service-Level Agreement (SLA) tab.

   The SLA options appear.

   

2. Configure the following options:

   Option	Default	Description/Actions
   Vulnerability Age SLA	Critical 7 days High 30 days Medium 60 days Low 180 days	To modify the number of days included for each severity, type an integer in the box next to Critical, High, Medium, or Low.
   Override Vulnerability Severity Metric	VPR	Specifies whether Tenable uses VPR severity, CVSSv2 severity, or CVSSv3 severity to calculate SLA data. For more information about these metrics, see CVSS vs. VPR. Note: This option affects only the calculations displayed in the SLA Progress: Vulnerability Age widget. To modify the severity metric for all other areas of the product, navigate to the Severity tab on the General page.
   Vulnerability Age Metric	First Seen	Specifies whether Tenable uses First Seen or Published Date to calculate SLA data.

3. Click Save.

   Tenable Vulnerability Management saves your SLA settings.

On the General page, you can change the plugin language in your Tenable Vulnerability Management container to English, Japanese, Simplified Chinese, or Traditional Chinese. This setting affects all users in the container.

To change the plugin language:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane, click Settings.

The Settings page appears.

3. Click the General tile.

   The General tile appears. By default, the Severity tab is active.

4. Click the Language tab.

   The Language tab appears.

5. Under Language, select a new language.

   Tenable Vulnerability Management updates the plugin language for your container.

To configure your default export expiration:

When you create an export, you can set an expiration delay for the export file up to 30 calendar days, which is the maximum number of days that Tenable Vulnerability Management allows before your export files expire.

By default, any exports you create in Tenable Vulnerability Management have an expiration date of 30 days. If you want to decrease the number of days that Tenable Vulnerability Management allows before your export files expire, you can configure your default export expiration days.

1. Click the Exports tab.

   The Export Expiration options appear.

   

2. In the Default Expiration box, type the number of days you want to Tenable Vulnerability Management to allow before your exports expire.

   Note: Tenable Vulnerability Management allows you to set a maximum of 30 calender days for export expiration.

   Note: You must type the number of days as an integer between 1 and 30.

3. Click Save.

   Tenable Vulnerability Management saves your settings and updates the number of allowable days before your exports expire.

Enabling plugin output data retention allows Tenable Vulnerability Management to store your plugin output data each time you launch a scan. You can then filter your vulnerability findings by plugin output. For more information, see Findings Filters.

Once you have enabled plugin output data retention, you must launch a scan so that Tenable Vulnerability Management can identify and store your plugin output data.

Caution: You cannot disable plugin output data retention once you have enabled it.

To enable plugin output data retention:

1. In the left navigation plane, click the Search tab.

   The search options appear.

   

2. Click the Enable Regex Search on Plugin Output toggle.

3. Click Save.

   Tenable Vulnerability Management enables plugin output data retention on your account.

What to do next:

• Launch a scan for your host assets.

In the Scanning section, you can change how Tenable Vulnerability Management handles info-level plugins with two settings.

Process High-Traffic Info Plugins

Tenable plans to deprecate this setting and replace it with Relocate Open Port Findings.

Disable this setting to stop Tenable Vulnerability Management from generating an individual finding for every open port on every scanned host. Disabling this setting reduces scan time and scan result export time, while enabling it may significantly increase these times. For more information, see Platform Performance Improvement FAQ - Info Plugins.

The following plugin IDs are impacted

• 34220 - Netstat Portscanner (WMI)

• 34252 - Microsoft Windows Remote Listeners Enumeration (WMI)

• 11219 - Nessus SYN Scanner

• 14272 - Netstat Portscanner (SSH)

• 25221 - Remote listeners enumeration (Linux / AIX)

• 10736 - DCE Services Enumeration

• 99265 - macOS Remote Listeners Enumeration

• 10335 - Nessus TCP scanner

• 14274 - Nessus SNMP Scanner

• 34277 - Nessus UDP Scanner

Tip: For more information about these plugins, see the Tenable Plugins site.

Relocate Open Port Findings

Enable this setting to change how Tenable Vulnerability Management handles open port findings by displaying them on the Asset Details page instead of the Findings workbench. To learn about the impact this change may have on your organization, see Tenable Vulnerability Management New Data Format: Relocate Open Port Findings.

This setting does the following:

• Enables the Open Ports tab on the Asset Details page that appears when you click a host asset on the Assets workbench.

• In the Open Ports tab, view open ports identified by the following plugins

  • 34220 - Netstat Portscanner (WMI)

  • 34252 - Microsoft Windows Remote Listeners Enumeration (WMI)

  • 11219 - Nessus SYN Scanner

  • 14272 - Netstat Portscanner (SSH)

  • 25221 - Remote listeners enumeration (Linux / AIX)

  • 10736 - DCE Services Enumeration

  • 99265 - macOS Remote Listeners Enumeration

  • 10335 - Nessus TCP scanner

  • 14274 - Nessus SNMP Scanner

  • 34277 - Nessus UDP Scanner

• Enables the Open Ports filter on the Assets workbench, where you can search for detected open ports on host assets.

• Enables the Open Ports rule on the Tags page, so you can tag your open ports.

• Adds an Open Ports field to the Assets workbench, so you can export your open port data.