Exposure Response Filters
In Exposure Response, use the Query Builder to view specific findings or affected assets or choose which vulnerabilities appear in a combination.
The following table defines the findings filters to use in queries within your Initiative Activity pane.
| Filter | Description |
|---|---|
| ACR |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Criticality Rating (ACR) as an integer from 1 to 10. |
| AES |
(Requires Tenable One or Tenable Lumin license) The Tenable-defined Asset Exposure Score as an integer from 0 to 1000. |
| Asset ID | The UUID of the asset where a scan detected the finding. This value is unique to Tenable Vulnerability Management. |
| Asset Name |
The name of the asset where a scan detected the vulnerability. This value is unique to Tenable Vulnerability Management. This filter is case-sensitive, but you can use the wildcard character to turn this off. |
| Bugtraq ID | The Bugtraq ID for the plugin that identified the vulnerability. |
| Category | The category of the vulnerability. |
| Categories | The categories of software vulnerabilities. Possible values are displayed in the Query builder. |
| CPE |
The Common Platform Enumeration (CPE) numbers for vulnerabilities that the plugin identifies. (200 value limit) |
| CVE |
The Common Vulnerability and Exposure (CVE) IDs for the vulnerabilities that the plugin identifies. (200 value limit) |
| CVE (Product) |
The Common Vulnerability and Exposure (CVE) IDs for the vulnerabilities associated with the product where the finding was identified (25 value limit). |
| CVE ID |
The Common Vulnerabilities and Exposures (CVE) ID, for example CVE-2002-2024. |
| CVSSv2 Base Score |
A numeric value between 0.0 and 10.0 that represents the intrinsic characteristics of a vulnerability independent of any specific environment. |
| CVSSv2 Temporal Score | The CVSSv2 Temporal Score reflects the current real-world severity of a vulnerability, adjusting the Base Score based on factors that change over time. |
| CVSSv2 Temporal Vector | CVSSv2 temporal metrics for the vulnerability. |
| CVSSv2 Vector |
The raw CVSSv2 metrics for the vulnerability. For more information, see the CVSSv2 documentation on the FIRST website. |
| CVSSv3 Base Score |
A numeric value between 0.0 and 10.0 that represents the intrinsic characteristics of a vulnerability independent of any specific environment. |
| CVSSv3 Temporal Score | The CVSSv3 temporal score (characteristics of a vulnerability that change over time but not among user environments). |
| CVSSv3 Temporal Vector | CVSSv3 temporal metrics for the vulnerability. |
| CVSSv3 Vector | More CVSSv3 metrics for the vulnerability. |
| CVSSv4 Attack Complexity (AC) |
The conditions beyond the attacker's control that must exist to exploit the vulnerability. |
| CVSSv4 Attack Requirements (AT) |
The resources, access, or specialized conditions required for an attacker to exploit the vulnerability. |
| CVSSv4 Attack Vector (AV) |
The context where vulnerability exploitation is possible, such as Network or Local. |
| CVSSv4 Base Score |
A numeric value between 0.0 and 10.0 that represents the intrinsic characteristics of a vulnerability independent of any specific environment. |
| CVSSv4 Privileges Required (PR) |
The level of privileges an attacker must possess to exploit the vulnerability. |
| CVSSv4 Subsequent System Availability Impact (SA) |
The impact on the availability of systems that can be impacted after the vulnerable system is exploited. |
| CVSSv4 Subsequent System Confidentiality Impact (SC) |
The impact on the confidentiality of systems that can be impacted after the vulnerable system is exploited. |
| CVSSv4 Subsequent System Integrity Impact (SI) |
The impact on the integrity of systems that can be impacted after the vulnerable system is exploited. |
| CVSSv4 User Interaction (UI) |
The level of user involvement required for an attacker to exploit the vulnerability. |
| CVSSv4 Vulnerable System Availability Impact (VA) |
The impact on the availability of the vulnerable system when successfully exploited. |
| CVSSv4 Vulnerable System Confidentiality Impact (VC) |
The impact on the confidentiality of the vulnerable system when successfully exploited. |
| CVSSv4 Vulnerable System Integrity Impact (VI) |
The impact on the integrity of the vulnerable system when successfully exploited. |
| CWE | The Common Weakness Enumeration (CWE) for the vulnerability. |
| EPSS Score |
The percentage likelihood that a vulnerability will be exploited, based on the third-party Exploit Prediction Scoring System (EPSS). Type a number from 0 to 100 with up to three decimal places, for example, 75.599. |
| Exploitability Ease | A description of how easy it is to exploit the vulnerability. |
| Exploited By Malware | Indicates whether the vulnerability is known to be exploited by malware. |
| Finding ID |
The unique Tenable ID for the finding. To view the ID for a finding, click its details and check the page URL in your browser's address bar for an alphanumeric string between details and asset. |
| First Seen |
The date when a scan first found the vulnerability on an asset. |
| Fix Available |
If a fix is available for the corresponding vulnerability. Options are Yes or No. |
| In The News | Indicates whether this plugin has received media attention (for example, ShellShock, Meltdown). |
| IPv4 Address | The IPv4 address for the affected asset. You can add up to 100 IP addresses to this filter. |
| IPv6 Address | The IPv6 address for the affected asset. |
| Last Fixed |
The last time a previously detected vulnerability was scanned and noted as no longer present on an asset. |
| Last Seen |
Filter on the date that the asset was last observed by any successful scan, including vulnerability scans, configuration scans, and discovery scans. This value can also be the date that the asset was imported into Tenable Vulnerability Management. |
| Operating System | The operating system installed on the asset. |
| Original Severity |
The vulnerability's CVSS-based severity when a scan first detected the finding. For more information, see CVSS vs. VPR. |
| Patch Published |
The date on which the vendor published a patch for the vulnerability. |
| Path | The complete installation path of the software where a vulnerability was detected. |
| Plugin Description |
The description of the Tenable plugin that identified the vulnerability. |
| Plugin Family |
The family of the plugin that identified the vulnerability. (200 value limit) |
| Plugin ID |
Filter on the ID of the plugin that identified the vulnerability. (200 value limit) |
| Plugin Modification Date |
The date at which the plugin that identified the vulnerability was last updated. |
| Plugin Name |
The name of the plugin that identified the vulnerability. |
| Plugin Published |
The date on which the plugin that identified the vulnerability was published. |
| Plugin Type |
The general type of plugin check. Options are Local, Remote, Local & Remote, Summary, Settings, Reputation, and/or Third Party. |
| Product | The name of the product on which the vulnerability was detected. |
| Product Type | The type of product. Options are Application, Hardware, Operating System, Package. |
| Resurfaced Date | The most recent date that a scan detected a Resurfaced vulnerability which was previously Fixed. If a vulnerability is Resurfaced multiple times, only the most recent date appears. |
| Risk Modified |
The risk modification applied to the vulnerability's severity. Options are Recast, Accepted, and None. To learn more, see Recast Rules. |
| See Also |
Links to external websites that contain helpful information about the vulnerability. |
| Severity |
The vulnerability's CVSS-based severity. For more information, see CVSS vs. VPR. |
| Solution |
A brief summary of how you can remediate the vulnerability. |
| Source |
The source of the scan that identified the asset. Possible values include Agent for Tenable Agent, Nessus for Tenable Nessus, PVS/NNM for Tenable Network Monitor, and WAS for Tenable Web App Scanning. |
| State |
The state of the vulnerability detected in the finding. Options are Fixed, Resurfaced, Active, New. Appears in the vulnerability findings query builder by default, with Active, Resurfaced and New selected. For more information, see Vulnerability States. |
| Synopsis | A brief description of the plugin or vulnerability. |
| Tags |
Filter and organize assets into logical groups (e.g., Network: Headquarters) for easier management and reporting. This filter is case-sensitive. You can add a maximum of 100 tags. For more information, see Tags. |
| Vendor | The vendor who makes the product on which the vulnerability was identified, for example, Apache. |
| Version | The version of the product on which the vulnerability was identified. |
| VPR |
The Vulnerability Priority Rating that Tenable calculated for the vulnerability. |
| VPR (Beta) Key Driver CVE ID |
Filter on a specific CVE ID for the CVE that is a primary contributor to the calculated VPR (Beta) score for a vulnerability. |
| VPR (Beta) Key Driver Exploit Chain |
Allows filtering on CVEs that are part of an exploit chain. |
| VPR (Beta) Key Driver Code Maturity |
Filter on current availability and maturity of exploit code. Options are High, Functional, POC, and Unproven. |
| VPR (Beta) Key Driver Exploit Probability |
Filter on the probability of exploitation produced by the VPR (Beta) threat model for the CVE. |
| VPR (Beta) Key Driver In the News Intensity, last 30 days |
Allows filtering on the volume of news reporting on the CVE within the last 30 days. Options are Very Low, Low, Medium, High, Very High. |
| VPR (Beta) Key Driver In the News Recency |
Allows filtering on the recency of news sources reporting on the CVE. Options are No Recorded Events, 60 to 180 days, 30 to 60 days, 14 to 30 days, 7 to 14 days, 0 to 7 days. |
| VPR (Beta) Key Driver In the News Sources, last 30 days |
Filter on categories of news sources that have referenced the CVE within the last 30 days. Select from one or more of Academic and Research Institutions, Blogs and Individual Researchers, Code Repositories, Cybersecurity News Media, Cybersecurity Vendors, Forums and Community Platforms, Government and Regulatory, Mainstream News and Media, Security Research, Technology Companies, Tools and Resources, Other. |
| VPR (Beta) Key Driver Malware Observation Intensity, last 30 days |
Filter on the volume of observed malware exploiting the CVE within the last 30 days. Options are Very Low, Low, Medium, High, Very High. |
| VPR (Beta) Key Driver Malware Observations Recency |
Filter on the recency of observed malware exploiting the CVE. Options are No Recorded Events, 60 to 180 days, 30 to 60 days, 14 to 30 days, 7 to 14 days, 0 to 7 days. |
| VPR (Beta) Key Driver On CISA KEV |
Filter on whether the CVE is listed on the CISA Known Exploited Vulnerabilities list. Options are Yes, No. |
| VPR (Beta) Key Driver Targeted Industries |
Allows filtering on specific industries where attacks leveraging the CVE have been observed. Sample options include Banking, Technology, Government. |
| VPR (Beta) Key Driver Targeted Regions |
Allows filtering on specific geographic regions where attacks leveraging the CVE have been observed. |
| VPR (Beta) Key Driver VPR Percentile |
Filter on the VPR (Beta) score percentile ranking of the CVE, indicating its position relative to other vulnerabilities. |
| VPR (Beta) Key Driver VPR Severity |
Filter on the VPR (Beta) severity categorization of the CVE. Options are Critical, High, Medium, Low, Info. |
| VPR (Beta) |
The numerical VPR (Beta) score itself. Allows filtering by specific ranges or values of the updated vulnerability priority rating. |
| Vuln SLA Date | The date that the finding was last activated. It equals either the First Seen date when the finding is new or active or the Resurfaced Date if the finding is resurfaced. |
| Vulnerability Published |
The date when the vulnerability definition was first published (for example, the date that the CVE was published). |