Vulnerability inventory

When viewing vulnerabilities, you can use the keywords in this section to search and filter.

Vulnerability ID

The ID field is the unique identifier for a given vulnerability, written as a UUID. Use the syntax id:<uuid> to filter by the ID field.

id:a124a141-e518-4735-9878-8e89c575b1d2

Source

The source reporting the vulnerability detected can be searched or filtered by name using the syntax source:<name>.

source:tenable

Severity

The severity field can be searched using the syntax severity:<term>.

severity:info
severity:medium

Severity score

The severity score can be searched using the syntax severity_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

severity_score:<5.0
severity_score:>=9.0

Risk

The risk field can be searched using the syntax risk:<term>.

risk:none
risk:critical

Risk score

The risk score can be searched using the syntax risk_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

risk_score:>7.0
risk_score:=10.0

Category

The category field can be searched using the syntax category:<term>.

category:Local
category:Remote

Name

The name field can be searched using the syntax name:<term>.

name:"Cisco IOS Software DHCP Remote Code Execution Vulnerability"
name:"PHP < 5.3.12 / 5.4.2 CGI Query String Code Execution"

Description

The description field can be searched using the syntax description:<term>.

description:"The remote device is missing a vendor-supplied security patch."
description:"remote code execution"

Solution

The solution field can be searched using the syntax solution:<term>.

solution:patch
solution:upgrade

CVE

The CVE field can be searched using the syntax cve:<term>.

cve:CVE-2021-44228
cve:CVE-2016-2183

CVSSv2 score

The CVSSv2 fields, cvss2_base_score and cvss2_temporal_score, can be searched using the syntax cvss2_base_score:<term> and cvss2_temporal_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

cvss2_base_score:>6.5
cvss2_base_score:<=3.0
cvss2_temporal_score:=10.0
cvss2_temporal_score:<5.0

CVSSv3 score

The CVSSv3 fields, cvss3_base_score and cvss3_temporal_score, can be searched using the syntax cvss3_base_score:<term> and cvss3_temporal_score:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

cvss3_base_score:>6.5
cvss3_base_score:<=3.0
cvss3_temporal_score:=10.0
cvss3_temporal_score:<5.0

Address

The address field can be searched using the syntax address:<term>.

address:192.168.0.1

Transport

The transport field can be searched using the syntax transport:<term>.

transport:tcp
transport:udp

Port

The port can be searched using the syntax port:<term>. The term supports numerical comparison operators (>, >=, <, <=, =).

port:22
port:443

Detection timestamps (first detected at, last detected at)

The timestamp fields, first_detected_at and last_detected_at, can be searched using the syntax first_detected_at:<term> and last_detected_at:<term>. The term supports the standard runZero [time comparison syntax][time].

first_detected_at:>2weeks
first_detected_at:<30minutes
last_detected_at:>1month
last_detected_at:2hours

Publication timestamps (published at)

The timestamp field, published_at, can be searched using the syntax published_at:<term>. The term supports the standard runZero [time comparison syntax][time].

published_at:>2weeks
published_at:<30minutes

Timestamps (created at, updated at)

The timestamp fields, created_at and updated_at, can be searched using the syntax created_at:<term> and updated_at:<term>. The term supports the standard runZero [time comparison syntax][time].

created_at:>2weeks
created_at:<30minutes
updated_at:>1month
updated_at:2hours

Attributes

You can search all vulnerability attributes with the syntax <attribute>:<term>. This search term supports numerical comparison operators (>, >=, <, <=, =).

If the attribute name conflicts with an existing term, the prefix _vulnerability. can be added to disambiguate the query.

plugin.hasPatch:true
severityID:3
_vulnerability.state:REOPENED

To determine if a vulnerability has any attribute defined, use the has:<term> keyword. The has keyword can be inverted to find missing fields with not has:<term>.

has:plugin.vpr.score
not has:output