Manage Unassessed Assets
Tenable Vulnerability Management can discover, or see, assets without assessing the assets for vulnerabilities (for example, via a host discovery scan, Nessus Network Monitor running in discovery mode, or connectors). Assets that have been seen but not assessed do not count towards your asset license limit. For more information, see Licenses in the Tenable Vulnerability Management User Guide.
This licensing exception allows you to discover assets on your network without the large number of assets counting towards your license limit. After you discover your assets, you can then identify which assets have not yet been scanned for vulnerabilities, and choose which of those assets you want to scan and manage going forward.
The asset_assessed
filter selects assets based on whether the assets have been scanned for vulnerabilities. The filter value of false
corresponds to a null last_licensed_scan_date
asset attribute.
The asset_assessed
filter attribute is false
for assets that you add to Vulnerability Management under the following conditions:
- A scan configured with the Host Discovery template or configured to use only the discovery plugins.
- An import of asset data that does not contain information on vulnerabilities (for example, ServiceNow data).
- A linked instance of Nessus Network Monitor running in discovery mode.
- A connector, until and unless the asset is scanned for vulnerabilities.
To identify assets that have not been assessed:
- Discover assets using any of the following methods:
- Create and launch a host discovery scan in Vulnerability Management.
- Configure Nessus Network Monitor with discovery mode enabled, linked to Vulnerability Management.
- Configure a connector.
Note
Assets discovered by these methods do not count towards your asset license limit until they have been assessed for vulnerabilities.
- Filter workbenches for assets that have not been assessed using the
asset_assessed
filter. For example:
GET https://cloud.tenable.com/workbenches/assets?filter.0.filter=asset_assessed&filter.0.quality=eq&filter.0.value=false
Note
Unassessed assets (where
asset_assessed
is equal tofalse
) can differ from unlicensed assets (whereis_licensed
is equal tofalse
). Once you scan an asset for vulnerabilities, Vulnerability Management categorizes the asset as assessed from that point on, but the licensing status of an asset can change over time as assets are deleted or age out of your organization's license count.
- (Optional) Tag assets that have not been assessed, using a tag rule based on the
asset_assessed
filter. For example:
"filters": {
"asset": {
"or": [
{
"field": "asset_assessed",
"operator": "eq",
"value": false
}
]
}
}
- (Optional) Create a scan to target assets using the tag you created.
Updated 3 days ago