TOC & Recently Viewed

Recently Viewed Topics

Basic Settings

The Basic scan settings are used to specify certain organizational and security-related aspects of the scan or policy, including the name of the scan, its targets, whether the scan is scheduled, and who has access to the scan, among other settings.

Note: Configuration items that are required by a particular scan or policy are indicated in the interface.

The Basic settings include the follow sections:

The following tables list all available Basic settings by section.


Setting Default Value Description



Specifies the name of the scan or policy. This value is displayed on the Nessus interface.



(Optional) Specifies a description of the scan or policy.

Scan Results

Show in dashboard

Specifies whether the results of the scan should appear in dashboards or be kept private.

When set to Keep private, you must access the scan directly to view the results.


My Scans

Specifies the folder where the scan appears after being saved.

Agent Groups None

(Agent scans only) Specifies the agent group or groups you want the scan to target. Select an existing agent group from the drop-down box, or create a new agent group. For more information, see Create a New Agent Group.

Scan Window 1 hour (Agent scans only) (Required) Specifies the time frame during which agents must report in order to be included and visible in vulnerability reports. Use the drop-down box to select an interval of time, or click to type a custom scan window.



Specifies the scanner that performs the scan.

The default scanner varies based on the organization and user.

Target Groups


You can select or add a new target group to which the scan applies. Assets in the target group are used as scan targets.



Specifies one or more targets to be scanned. If you select a target group or upload a targets file, you are not required to specify additional targets.

Targets can be specified using a number of different formats.

Tip: You can force to use a given host name for a server during a scan by using the hostname[ip] syntax (e.g.,[]).

Upload Targets


Uploads a text file that specifies targets.

The targets file must be formatted in the following manner:

  • ASCII file format
  • Only one target per line
  • No extra spaces at the end of a line
  • No extra lines following the last target

Note: Unicode/UTF-8 encoding is not supported.


By default, scans are not scheduled. When you first access the Schedule section, the Enable Schedule setting appears, set to Off. To modify the settings listed on the following table, click the Off button. The rest of the settings appear.

Setting Default Value Description



Specifies how often the scan is launched.

  • Once: Schedule the scan at a specific time.
  • Daily: Schedule the scan to occur on a daily basis, at a specific time or to repeat up to every 20 days.
  • Weekly: Schedule the scan to occur on a recurring basis, by time and day of week, for up to 20 weeks.
  • Monthly: Schedule the scan to occur every month, by time and day or week of month, for up to 20 months.
  • Yearly: Schedule the scan to occur every year, by time and day, for up to 20 years.



Specifies the exact date and time when a scan launches.

The starting date defaults to the date when you are creating the scan. The starting time is the nearest half-hour interval. For example, if you create your scan on 09/31/2018 at 9:12 AM, the default starting date and time is set to 09/31/2018 and 09:30.



Specifies the timezone of the value set for Starts.

Repeat Every Varies Specifies the interval at which a scan is relaunched. The default value of this item varies based on the frequency you choose.
Repeat On Varies

Specifies what day of the week a scan repeats. This item appears only if you specify Weekly for Frequency.

The value for Repeat On defaults to the day of the week on which you create the scan.

Repeat By Day of the Month Specifies when a monthly scan is relaunched. This item appears only if you specify Monthly for Frequency.



Provides a summary of the schedule for your scan based on the values you have specified for the available settings.


Setting Default Value Description

Email Recipient(s)

None Specifies zero or more email addresses, separated by commas, that are alerted when a scan completes and the results are available.

Result Filters

None Defines the type of information to be emailed.


Using settings in the Permissions section, you can assign various permissions to groups and individual users. When you assign a permission to a group, that permission applies to all users within the group. The following table describes the permissions that can be assigned.

Setting Description
Data Sharing
Scan Results

Specifies whether you want scan results to be private to your user account, or appear in the Vulnerabilities and Assets workbenches.

User Sharing (All)

For scans, specifies the only user who can delete the scan.

For policies, specifies the only user who can delete the policy or modify permissions for the policy.

This setting is only visible if you are the scan or policy owner. By default, you are assigned ownership when you create the scan or policy.

No Access

(Default permission) Groups and users set to No Access cannot interact with the scan or policy in any way.

User Sharing (Scans only)

Can View

Groups and users set to Can View can view the results of the scan. They can also move the scan to their Trash folder but cannot delete it.

Can Control

Groups and users set to Can Control can launch, pause, and stop a scan, in addition to performing any tasks allowed by Can View.

Can Configure

Groups and users set to Can Configure can modify any setting for the scan except scan ownership, in addition to performing any tasks allowed by Can Control.

User Sharing (Policies only)
Can Use

Groups and users set to Can Use can use the policy to create scans.

Can Edit

Groups and users set to Can Edit can modify any setting for the policy except permissions, in addition to performing any tasks allowed by Can Use.

Can Configure

Groups and users set to Can Configure can modify any setting for the policy except policy ownership, in addition to performing any tasks allowed by Can Edit.


In policy templates, you can use Authentication settings to configure the actions performs when authenticating certain types of credentialed scans. Authentication settings are used by scans created from the policy. The Authentication settings are equivalent to the Scan-wide Credential Type Settings you can set in a scan that is not based on a user-defined policy.

Setting Default Value Description
equivalent to Scans > Credentials > Plaintext Authentication >  SNMPv1/v2c

UDP Port

161 Ports where attempts to authenticate on the host device.
Additional UDP port #1 161
Additional UDP port #2 161
Additional UDP port #3 161
equivalent to Scans > Credentials > Plaintext Authentication > HTTP

Login method


Specify if the login action is performed via a GET or POST request.

Re-authenticate delay (seconds)


The time delay between authentication attempts. Setting a time delay is useful to avoid triggering brute force lockout mechanisms.

Follow 30x redirections (# of levels)


If a 30x redirect code is received from a web server, this setting directs to follow the link provided or not.

Invert authenticated regex


A regex pattern to look for on the login page, that if found, tells that authentication was not successful (e.g., Authentication failed!).

Use authenticated regex on HTTP headers


Rather than search the body of a response, can search the HTTP response headers for a given regex pattern to better determine authentication state.

Case insensitive authenticated regex Disabled

he regex searches are case sensitive by default. This instructs to ignore case.

equivalent to Scans > Credentials > Plaintext Authentication > telnet/ssh/rexec
Perform patch audits over telnet Disabled uses telnet to connect to the host device for patch audits.
Perform patch audits over rsh Disabled uses rsh to connect to the host device for patch audits.
Perform patch audits over rexec Disabled uses rexec to connect to the host device for patch audits.
equivalent to Scans > Credentials > Host > Windows
Never send credentials in the clear


By default, for security reasons, this option is enabled.

Do not use NTLMv1 authentication


If the Do not use NTLMv1 authentication option is disabled, then it is theoretically possible to trick into attempting to log into a Windows server with domain credentials via the NTLM version 1 protocol. This provides the remote attacker with the ability to use a hash obtained from This hash can be potentially cracked to reveal a username or password. It may also be used to directly log into other servers. Force to use NTLMv2 by enabling the Only use NTLMv2 setting at scan time. This prevents a hostile Windows server from using NTLM and receiving a hash. Because NTLMv1 is an insecure protocol, this option is enabled by default.

Start the Remote Registry service during the scan


This option tells to start the Remote Registry service on computers being scanned if it is not running. This service must be running in order for to execute some Windows local check plugins.

Enable administrative shares during the scan


This option allows to access certain registry entries that can be read with administrator privileges.

equivalent to Scans > Credentials > Host > SSH
known_hosts file


If you upload an SSH known_hosts file, only attempts to log in to hosts in this file. This can ensure that the same username and password you are using to audit your known SSH servers is not used to attempt a log into a system that may not be under your control.

Preferred port


The port on which SSH is running on the target system.

Client version


The type of SSH client impersonates while scanning.

Attempt least privilege


Enables or disables dynamic privilege escalation. When enabled, attempts to run the scan with an account with lesser privileges, even if theElevate privileges with option is enabled. If a command fails, escalates privileges. Plugins 101975 and 101976 report which plugins ran with or without escalated privileges.

Note: Enabling this option may increase scan run time by up to 30%.

Amazon AWS
equivalent to Scans > Credentials > Cloud Services > Amazon AWS
Regions to access

Rest of the World

In order for to audit an Amazon AWS account, you must define the regions you want to scan. Per Amazon policy, you need different credentials to audit account configuration for the China region than you do for the rest of the world.

Possible regions include:

  • GovCloud—If you select this region, you automatically select the government cloud (e.g., us-gov-west-1).

  • Rest of the World—If you select this region, the following additional options appear:

    • us-east-1

    • us-east-2

    • us-west-1

    • us-west-2

    • ca-central-1

    • eu-west-1

    • eu-west-2

    • eu-central-1

    • ap-northeast-1

    • ap-northeast-2

    • ap-southeast-1

    • ap-southeast-2

    • sa-east-1

  • China—If you select this region, the following additional options appear:

    • cn-north-1

    • cn-northwest-1



Whether authenticates over an encrypted (HTTPS) or an unencrypted (HTTP) connection.

Verify SSL Certificate


Whether verifies the validity of the SSL digital certificate.

equivalent to Scans > Credentials > Cloud Services > Rackspace

Location of the Rackspace Cloud instance. Possible locations include:

  • Dallas-Fort Worth (DFW)
  • Chicago (ORD)
  • Northern Virginia (IAD)
  • London (LON)
  • Syndney (SYD)
  • Hong Kong (HKG)
Microsoft Azure
equivalent to Scans > Credentials > Cloud Services > Amazon AWS
Subscription IDs

List subscription IDs to scan, separated by a comma. If this field is blank, all subscriptions are audited.

Apple Profile Manager
equivalent to Scans > Credentials > Mobile > Apple Profile Manager
Force device updates Enabled

Force devices to update with Apple Profile Manager immediately.

Device update timeout (minutes) 5

Number of minutes to wait for devices to reconnect with Apple Profile Manager.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.