TOC & Recently Viewed

Recently Viewed Topics

About Target Groups

Note: System target view permissions have been migrated to access groups. Scan permissions are still managed by system target groups.

A Target Group allows you to set permissions on which hosts users can scan. By default, all users can scan all hosts.

You must grant at least one user the ability to run scans, either by changing the default target permissions or by granting individual users permissions within a target group.

Target Groups page

Target Group Types
System

System target groups are used to set permissions on which hosts a user can scan. By default, all users can scan all hosts. You can restrict this by removing scan permissions on the default target group and creating additional target groups with more granular permissions.

Optionally, you can enable asset isolation to deactivate the default target group and control scanning permissions via individual system target group settings. For more information, see Enable or Disable Asset Isolation.

User User target groups do not grant scan or view permissions. Instead, user target groups provide more granular filtering on the hosts permitted to you in system target groups. You can use these lists when filtering dashboards or configuring scans.

You can use target groups in scans based on the permissions assigned to the target group.

Target Group Settings

Setting

Description

General

Name

A name for the target group.

Targets

A comma-separated list of FQDNs or IP address ranges that you want to scan.

Upload Targets

A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan.

The system adds the uploaded targets to the Targets box after you save the target group.

Permissions

Add users or groups

One or more existing user accounts that you want to grant permissions to scan the target group.

Note: Target group permissions do not increase user role permissions (e.g., basic users cannot run scans). Consider a user's role when assigning them target group permissions.

Default

The default permissions for user accounts not listed in the Add users or groups box.

System target groups: No access, Can use, or Can scan

User target groups: No access, Can use, or Can change

For descriptions of the permissions, see the Target Group Permissions table.

Target Group Permissions

Permission

Description

System target groups

No access

Users assigned this permission cannot scan hosts in the system target group or use hosts in the system target group to filter dashboards.

Can use

Users assigned this permission can use hosts in the system target group to filter dashboards.

Can scan

Users assigned this permission can scan hosts in the system target group.

User target groups

No access

Users assigned this permission cannot configure scans for hosts in the user target group or use hosts in the user target group to filter dashboards.

Can use

Users assigned this permission can use hosts in the user target groups to filter dashboards and configure scans.

Can scan

Users assigned this permission can modify the user target group.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.