Query Builder Filters
On the Vulnerability Intelligence page and the Vulnerability Profile page, use the Query Builder to refine your results. Show only the CVEs, findings, or affected assets you want to take action on.
The following table lists the filters you can use with the Query Builder and the tabs they appear in.
| Filter | Description | Appears In... |
|---|---|---|
| ACR |
Filter by Tenable-defined Asset Criticality Rating (ACR) as a number from 1 to 10. |
My Findings, My Affected Assets |
| AES |
Filter by Tenable-defined Asset Exposure Score (AES) as a number from 0 to 1000. |
My Findings, My Affected Assets |
| Asset Name | Filter by asset name, for example the IPv4 address 206.206.136.40. | My Findings, My Affected Assets |
| Category | Filter by category, as described in Vulnerability Categories. | CVEs, My Findings, My Affected Assets |
| Common Name | Filter by a vulnerability's common name, for example Log4Shell. Not all vulnerabilies have a common name. | CVEs, My Findings, My Affected Assets |
| CVE ID | Filter by Common Vulnerabilities and Exposures (CVE) ID, for example CVE-2002-2024. | CVEs, My Findings, My Affected Assets |
| CVSSv2 Base Score | Filter by the CVSSv2 score for the vulnerability, for example 5.2. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Attack Complexity | Filter by attack complexity, which defines how difficult it is to use a vulnerability in an attack. Choose from High or Low. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Attack Vector | Filter by attack vector, which defines an attack's location. Choose from Adjacent, Network, Local, or Physical. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Availability | Filter by the affected asset's availability. Choose from High, Low, or None. For example, an affected asset with High is completely unavailable. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Base Score | Filter by the CVSSv3 score for the vulnerability, for example 4.3. When not available from NVD, Tenable determines this score. To learn more, see CVSS vs. VPR. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Confidentiality |
Filter by the expected impact of the affected asset's information confidentiality loss. Choose from High, Low, or None. For example, an affected asset with High may have a catastrophic adverse effect on your organization or customers. |
CVEs, My Findings, My Affected Assets |
| CVSSv3 Integrity | Filter by the expected impact of the affected asset's data integrity loss. Choose from High, Low, or None. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Privileges Required | Filter by the permission level attackers require to exploit the vulnerability. Choose from High, Low, or None. None means attackers need no permissions in your environment and can exploit the vulnerability while unauthorized. | CVEs, My Findings, My Affected Assets |
| CVSSv3 Scope |
Filter by whether a vulnerability allows attackers to compromise resources beyond an affected asset's normal authorization privileges. Choose from Unchanged or Changed. Changed means the vulnerability increases the affected asset's privileges. |
CVEs, My Findings, My Affected Assets |
| CVSSv3 User Interaction |
Filter by whether a vulnerability requires other users (such as end users) for attackers to be able to use it. Choose from Required or None. None is more severe since it means that no additional user interaction is required. |
CVEs, My Findings, My Affected Assets |
| EPSS Score |
Filter by the percentage likelihood that a vulnerability will be exploited, based on the third-party Exploit Prediction Scoring System (EPSS). Type a number from 1 to 100 with up to three decimal places, for example, 50.5. |
CVEs, My Findings, My Affected Assets |
| Exploit Maturity | Filter by exploit maturity based on sophistication and availability. This information is drawn from Tenable’s own research as well as key external sources. Choose from High, Functional, PoC, or Unproven. | CVEs, My Findings, My Affected Assets |
| First Discovered | Filter for the date a vulnerability was first identified. Use Operators to get results based on a date range, a specific date, vulnerabilities older than a date, and others. | CVEs, My Findings, My Affected Assets |
| First Functional Exploit |
Filter for the date a vulnerability was first known to be exploited. Use Operators to get results based on a date range, a specific date, vulnerabilities older than a date, and others. |
CVEs, My Findings, My Affected Assets |
| First Proof of Concept | Filter for the date a vulnerability's first proof of concept was found. Use Operators to get results based on a date range, a specific date, vulnerabilities older than a date, and others. | CVEs, My Findings, My Affected Assets |
| IPv4 Address | Filter for affected asset IPv4 addresses as a single IP, an IP range, or an IP Classless Inter-Domain Routing (CIDR) block. For example, type 172.16.2.1-172.16.2.100. | My Findings, My Affected Assets |
| IPv6 Address | Filter for affected asset IPv6 addresses as a single IP, an IP range, or an IP Classless Inter-Domain Routing (CIDR) block. For example, type ::ffff:c0a8:102. | My Findings, My Affected Assets |
| Last Seen | Filter for the date a finding affected or asset last appeared on a scan. Use Operators to get results based on a date range, a specific date, vulnerabilities older than a date, and others. | My Findings, My Affected Assets |
| Plugins Available | Filter by whether or not a vulnerability currently has a Tenable plugin that detects it. Choose from Yes or No. | CVEs, My Findings, My Affected Assets |
| Plugin ID | Filter by the ID of the Tenable plugin that detected the vulnerability, for example 157288. To look up plugin IDs, go to the Tenable website. | CVEs, My Findings, My Affected Assets |
| Plugin Name | Filter by the name of the Tenable plugin that detected the vulnerability, for example TLS Version 1.1 Protocol Deprecated. | My Findings, My Affected Assets |
| Tags | Filter by tags on your affected assets by choosing them from a list. To learn more, see Tags. | My Findings, My Affected Assets |
| VPR |
Filter by the Tenable-calculated Vulnerability Priority Rating (VPR) score, as a number from 1 to 10. Note: A finding's VPR is based on the VPR of the plugin that identified it. When plugins are associated with multiple vulnerabilities, the highest VPR appears.
|
CVEs, My Findings, My Affected Assets |
| VPR Threat Intensity | Filter for a vulnerability's Tenable-calculated threat intensity based on the number and frequency of threat events. Choose from Very Low, Low, Medium, High, or Very High. | CVEs, My Findings, My Affected Assets |
| Weaponization | Filter by whether a vulnerability is judged to be ready for use in a cyberattack. Choose from Advanced Persistent Threat, Botnet, Malware, Ransomware, or Rootkit. | CVEs, My Findings, My Affected Assets |