CSV Asset Export Fields
The following feature is only available in Tenable FedRAMP Moderate environments.
Each line in the .csv file is composed of the fields described in the following table. On the Assets page, you can export assets as a .csv file.
| Field | Description |
|---|---|
| Agent Name |
The name of the Tenable Nessus agent that scanned and identified the asset. |
| AWS Availability Zone |
The name of the Availability Zone where AWS hosts the virtual machine instance. For more information, see Regions and Availability Zones in the AWS documentation. |
| AWS EC2 Instance AMI ID |
The unique identifier of the Linux AMI image in Amazon Elastic Compute Cloud (Amazon EC2). For more information, see the Amazon Elastic Compute Cloud Documentation. |
| AWS EC2 Instance Group Name |
The virtual machine instance's group in AWS. |
| AWS EC2 Instance ID |
The unique identifier of the Linux instance in Amazon EC2. For more information, see the Amazon Elastic Compute Cloud Documentation. |
| AWS EC2 Instance State Name |
The state of the virtual machine instance in AWS at the time of the scan. For possible values, see API Instance State in the Amazon Elastic Compute Cloud Documentation. |
| AWS EC2 Instance Type |
The type of virtual machine instance in Amazon EC2. Amazon EC2 instance types dictate the specifications of the instance (for example, how much RAM it has). For a list of possible values, see Amazon EC2 Instance Types in the AWS documentation. |
| AWS EC2 Name |
The name of the virtual machine instance in Amazon EC2. |
| AWS EC2 Product Code |
The product code associated with the AMI used to launch the virtual machine instance in Amazon EC2. |
| AWS Owner ID |
A UUID for the Amazon AWS account that created the virtual machine instance. For more information, see AWS Account Identifiers in the AWS documentation. This attribute contains a value for Amazon EC2 instances only. For other asset types, this attribute is empty. |
| AWS Region |
The region where AWS hosts the virtual machine instance, for example, us-east-1. For more information, see Regions and Availability Zones in the AWS documentation. |
| AWS Subnet ID |
The unique identifier of the AWS subnet where the virtual machine instance was running at the time of the scan. |
| AWS VPC ID |
The unique identifier of the public cloud that hosts the AWS virtual machine instance. For more information, see the Amazon Virtual Private Cloud User Guide. |
| Azure VM ID |
The unique identifier of the Microsoft Azure virtual machine instance. For more information, see Accessing and Using Azure VM Unique ID in the Microsoft Azure documentation. |
| BigFix Asset ID |
The unique identifiers of the asset in IBM BigFix. For more information, see the IBM BigFix documentation. |
| BIOS UUID |
The BIOS UUID of the asset. |
| Created At |
The date and time when Tenable Vulnerability Management created the asset record. |
| Deleted At |
The time and date when a user deleted the asset record. When a user deletes an asset record, Tenable Vulnerability Management retains the record until the asset ages out of the license count. |
| Deleted By |
The user who deleted the asset record. |
| Exposure Score |
The Asset Exposure Score (AES) calculated for the asset. |
| First Scan Time |
The time and date of the first scan run against the asset. |
| First Seen |
The date and time when a scan first identified the asset. |
| FQDN |
The fully-qualified domain name of the host that the vulnerability was detected on. |
| GCP Instance ID |
The unique identifier of the virtual machine instance in Google Cloud Platform (GCP). |
| GCP Project ID |
The customized name of the project to which the virtual machine instance belongs in GCP. For more information, see Creating and Managing Projects in the GCP documentation. |
| GCP Zone |
The zone where the virtual machine instance runs in GCP. For more information, see Regions and Zones in the GCP documentation. |
| Has Agent |
Specifies whether a Tenable Nessus agent scan identified the asset. |
| Has Plugin Results |
Specifies whether the asset has plugin results associated with it. |
| Hostname |
The hostname of the asset. This string is determined by information reported by target plugins, and is dependent on the user's environment and configuration. |
| id |
The UUID of the asset in Tenable Vulnerability Management. |
| Installed Software |
A list of Common Platform Enumeration (CPE) values that represent software applications a scan identified as present on an asset. This field supports the CPE 2.2 format. For more information, see the Component Syntax section of the CPE Specification documentation, Version 2.2. For assets identified in Tenable scans, this field contains data only if a scan using Tenable Nessus Plugin ID 45590 has evaluated the asset. Note: If no scan detects an application within 30 days of the scan that originally detected the application, Tenable Vulnerability Management considers the detection of that application expired. As a result, the next time a scan evaluates the asset, Tenable Vulnerability Management removes the expired application from the Installed Software attribute. This activity is logged as a remove type of attribute change in the asset activity log. |
| Interfaces |
The network interfaces that scans identified on the asset. |
| IPv4 |
An IPv4 address for the asset. |
| IPv6 |
An IPv6 address for the asset. |
| Last Authenticated |
The date and time of the last authenticated scan run against the asset. An authenticated scan that only uses discovery plugins updates the Last Authenticated Scan field, but not the Last Licensed Scan field. |
| Last Licensed Scan Date |
The date and time of the last scan in which the asset was considered "licensed" and counted towards Tenable's license limit. A licensed scan uses non-discovery plugins and can identify vulnerabilities. Unauthenticated scans that run non-discovery plugins update the Last Licensed Scan field, but not the Last Authenticated Scan field. For more information on licensed assets, see Tenable Vulnerability Management Licenses. |
| Last Scan Target |
The FQDN, IPv4 address, or IPv6 address that the scanner last used to target the asset. |
| Last Scan Time |
The time and date of the last scan run against the asset. |
| Last Seen |
The date and time at which the asset was last observed as part of a scan. |
| MAC Address |
A MAC address that a scan has associated with the asset record. |
| Manufacturer TPM ID |
The manufacturer's unique identifiers of the Trusted Platform Module (TPM) associated with the asset. |
| McAfee Epo Agent Guid |
The unique identifier of the McAfee ePO agent that identified the asset. For more information, see the McAfee documentation. |
| McAfee EpoGuid |
The unique identifier of the asset in McAfee ePolicy Orchestrator (ePO). For more information, see the McAfee documentation. |
| Mitigations | (Requires Tenable Lumin license) The mitigations that scans have identified as present on the asset. Tenable Lumin defines mitigations as endpoint protection agents, which include antivirus software, Endpoint Protection Platforms (EPPs), or Endpoint Detection and Response (EDR) solutions |
| NetBIOS Name |
The NetBIOS name for the asset. |
| Network Id |
The ID of the network object associated with scanners that identified the asset. The default network ID is 00000000-0000-0000-0000-000000000000. For more information about networks, see Networks. |
| Operating System |
The operating system that a scan identified as installed on the asset. |
| Qualys Asset ID |
The Asset ID of the asset in Qualys. For more information, see the Qualys documentation This field contains a value only for assets associated with Qualys vulnerabilities you import via the Tenable Vulnerability Management API. For more information, see the Tenable Developer Portal. |
| Qualys Host ID |
The Host ID of the asset in Qualys. For more information, see the Qualys documentation. This field contains a value only for assets associated with Qualys vulnerabilities you import via the Tenable Vulnerability Management API. For more information, see Tenable Developer Portal. |
| Scan Frequency |
The number of times the asset was scanned within the past 90 days. |
| ServiceNow Sys ID |
Where applicable, the unique record identifier of the asset in ServiceNow. For more information, see the ServiceNow documentation. |
| Sources |
The source of the scan that identified the asset. Possible values are:
|
| SSH Fingerprint |
The SSH key fingerprints that scans have associated with the asset record. |
| Symantec EP Hardware Key |
The hardware keys for the asset in Symantec Endpoint Protection. |
| System Type |
The system types as reported by Plugin ID 54615. For more information, see Tenable Plugins. |
| Tags |
Category tags assigned to the asset in Tenable Vulnerability Management. For more information, see Tags. |
| Tenable UUID |
The UUID of the agent present on the asset. This attribute is empty if no agent is present on the asset. |
| Terminated At |
The time and date when a user terminated the virtual machine instance of the asset (for example, in AWS). |
| Terminated By |
The user who terminated the virtual machine instance of the asset. |
| Updated At |
The time and date when the asset record was last updated. |