Manage Unassessed Assets

Tenable Vulnerability Management can discover, or see, assets without assessing the assets for vulnerabilities (for example, via a host discovery scan, Nessus Network Monitor running in discovery mode, or connectors). Assets that have been seen but not assessed do not count towards your asset license limit. For more information, see Licenses in the Tenable Vulnerability Management User Guide.

This licensing exception allows you to discover assets on your network without the large number of assets counting towards your license limit. After you discover your assets, you can then identify which assets have not yet been scanned for vulnerabilities, and choose which of those assets you want to scan and manage going forward.

The asset_assessed filter selects assets based on whether the assets have been scanned for vulnerabilities. The filter value of false corresponds to a null last_licensed_scan_date asset attribute.

The asset_assessed filter attribute is false for assets that you add to Vulnerability Management under the following conditions:

  • A scan configured with the Host Discovery template or configured to use only the discovery plugins.
  • An import of asset data that does not contain information on vulnerabilities (for example, ServiceNow data).
  • A linked instance of Nessus Network Monitor running in discovery mode.
  • A connector, until and unless the asset is scanned for vulnerabilities.

To identify assets that have not been assessed:

  1. Discover assets using any of the following methods:

     Note: Assets discovered by these methods do not count towards your asset license limit until they have been assessed for vulnerabilities.

  2. Filter workbenches for assets that have not been assessed using the asset_assessed filter. For example:

     GET https://cloud.tenable.com/workbenches/assets?filter.0.filter=asset_assessed&filter.0.quality=eq&filter.0.value=false

     Note: Unassessed assets (where asset_assessed is equal to false) can differ from unlicensed assets (where is_licensed is equal to false). Once you scan an asset for vulnerabilities, Vulnerability Management categorizes the asset as assessed from that point on, but the licensing status of an asset can change over time as assets are deleted or age out of your organization's license count.

  3. (Optional) Tag assets that have not been assessed, using a tag rule based on the asset_assessed filter. For example:

     "filters": {
       "asset": {
         "or": [
           {
             "field": "asset_assessed",
             "operator": "eq",
             "value": false
           }
         ]
       }
     }

  4. (Optional) Create a scan to target assets using the tag you created.
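
The following Python sketch is an added example, not Tenable code. It builds the workbench request from step 2 and sorts asset records into coverage buckets, which shows how unassessed assets differ from assessed but unlicensed ones. The record shape, the is_licensed record key, and the sample data are assumptions constructed for illustration.

```python
from urllib.parse import urlencode

BASE_URL = "https://cloud.tenable.com"  # host used in the example request on this page


def workbench_assets_url(filters, base_url=BASE_URL):
    """Build a /workbenches/assets URL from (filter, quality, value) triples."""
    params = []
    for i, (name, quality, value) in enumerate(filters):
        if isinstance(value, bool):
            value = str(value).lower()  # the page's example spells booleans as true/false
        params += [(f"filter.{i}.filter", name),
                   (f"filter.{i}.quality", quality),
                   (f"filter.{i}.value", value)]
    return f"{base_url}/workbenches/assets?{urlencode(params)}"


def triage(assets):
    """Split asset records into coverage buckets, keyed by asset id.

    An asset is unassessed when last_licensed_scan_date is null, as the page
    states. is_licensed as a record key is an assumption made for this example.
    """
    buckets = {"unassessed": [], "assessed_unlicensed": [], "assessed_licensed": []}
    for asset in assets:
        if asset.get("last_licensed_scan_date") is None:
            # Seen but never scanned for vulnerabilities: a coverage gap.
            buckets["unassessed"].append(asset["id"])
        elif not asset.get("is_licensed", False):
            # Scanned at some point, but no longer in the license count.
            buckets["assessed_unlicensed"].append(asset["id"])
        else:
            buckets["assessed_licensed"].append(asset["id"])
    return buckets


# Constructed sample records (not real API output).
SAMPLE_ASSETS = [
    {"id": "asset-a", "last_licensed_scan_date": None, "is_licensed": False},
    {"id": "asset-b", "last_licensed_scan_date": "2024-01-10T08:00:00Z", "is_licensed": False},
    {"id": "asset-c", "last_licensed_scan_date": "2024-05-02T08:00:00Z", "is_licensed": True},
]

if __name__ == "__main__":
    print(workbench_assets_url([("asset_assessed", "eq", False)]))
    print(triage(SAMPLE_ASSETS))
```

Only the "unassessed" bucket matches the asset_assessed filter value of false; an asset such as asset-b stays assessed even after it drops out of the license count.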