Identify Your Exposure

On the Vulnerability Intelligence page, you can review all vulnerabilities known to Tenable or only those in crucial categories such as Recently Actively Exploited. Then, you can compare the list of vulnerabilities to findings in your environment. This process has two parts: 1) review known vulnerabilities and, 2) compare them to your findings.

Review Known Vulnerabilities

First, build a list of known vulnerabilities to compare with your own findings.

To review vulnerabilities known to Tenable:

  1. In the left navigation, click Vulnerability Intelligence.

    The Vulnerability Intelligence Overview page appears.

  2. (Optional) Click a hexagon tile to choose a vulnerability category. Or, to search all vulnerabilities, click the default category to deselect it.

    In the CVEs tab on the lower area of the page, a table of results appears.

  3. (Optional) Use the Query Builder to refine the results, as described in Use the Query Builder.

  4. (Optional) Click a vulnerability row.

    The Vulnerability Intelligence Profile page appears.

Compare Known Vulnerabilities to Your Findings

Once you have built a list of known vulnerabilities, compare them with your findings in the My Findings tab or the My Affected Assets tab as follows.

Click the My Findings tab and do one of the following:

  • Refine your results with the Query Builder.

  • In a row, click the number in the Affected Assets column.

    The Findings workbench appears. It is grouped by Asset and lists findings for that Tenable plugin.

  • Click the dropdown > to display a list of assets with that finding. Then, click an Asset Name.

    The Asset Details page appears.

Click the My Affected Assets tab and do one of the following:

  • Refine your results with the Query Builder.

    In a row, click the number in the Plugin Count column.

  • The Findings workbench appears. It is grouped by Plugin and lists findings for that asset.

  • Click the dropdown > to display a list of assets with that finding. Then, click an Asset Name.

    A list of plugins that identified findings on that asset appears.