TOC & Recently Viewed

Recently Viewed Topics

Create a Scan

You can create a scan as a standard user or administrator.

To create a scan:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the upper-right corner, click the New Scan button.

    The Scan Templates page appears.

  3. Select the template you want to use for your scan:

    Note: Use the Advanced Network Scan template to configure a scan without any recommendations.

    Note: Use the Audit Cloud Infrastructure template to audit the configuration of third-party cloud services.

    Note: Use the Badlock Detection template for remote and local checks for CVE-2016-2118 and CVE-2016-0128.

    Note: Use the Bash Shellshock Detection template for remote and local checks for CVE-2014-6271 and CVE-2014-7169.

    Note: Use the Basic Network Scan template for a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.

    Note: Use the Basic Web App Scan template to scan web applications with a Nessus scanner.

    Note: Use the Credentialed Patch Audit template to authenticate hosts and enumerate missing updates.

    Note: Use the DROWN Detection template for remote checks for CVE-2016-0800.

    Note: Use the Host Discovery template for a simple scan to discover live hosts and open ports.

    Note: Use the Internal PCI Network Scan template to perform an internal PCI DSS (11.2.1) vulnerability scan.

    Note:Use the Malware Scan template to scan for malware on Windows and Unix systems.

    Note: Use the MDM Config Audit template to audit the configuration of mobile device managers.

    Note: Use the Mobile Device Scan template to assess mobile devices via Microsoft Exchange or an MDM.

    Note: Use the Offline Config Audit template to audit the configuration of network devices.

    Note: The PCI Quarterly External Scan template is approved for quarterly external scanning as required by PCI.

    Note: Use the Policy Compliance Auditing template to audit system configurations against a known baseline.

    Note: Use the SCAP and OVAL Auditing template to audit systems using SCAP and OVAL definitions.

  4. Configure the scan:

    1. In the Name box, type a name for the scan.
    2. In the Targets box, type an IP address, hostname, or range of IP addresses.
    3. In the Scanner box, select the scanner or scanner group that you want to perform the scan.
    4. (Optional) Modify the following settings. Otherwise, leave the scan's default settings.

      Settings
      All Settings

      All Basic Settings

      Report: Output

      Basic: General, Permissions

      Discovery: Port Scanning

      Assessment: General, Windows, Malware

      All Report groups

      Advanced: Debug Settings

      All Basic Settings

      Discovery: Scan Type

      Assessment: Web Applications

      Report: Output

      All Advanced Settings

      All Basic Settings

      Discovery: Scan Type

      Assessment: General, Brute Force, Web Applications, Windows

      All Report groups

      Advanced: Scan Type

      All Basic Settings

      Discovery: Scan Type

      Assessment: General, Web Applications

      All Report groups

      Advanced: Scan Type

      All Basic Settings

      Discovery: Scan Type

      Assessment: Brute Force, Windows, Malware

      All Report groups

      Advanced: Scan Type

      All Basic Settings

      Discovery: Scan Type

      Report: Output

      Advanced: General, Performance, Debug

      All Basic Settings

      Discovery: Scan Type

      Report: Output

      All Basic Settings

      Discovery: Scan Type

      Assessment: General, Brute Force, Web Applications, Windows

      All Report groups

      Advanced: Scan Type

      All Basic Settings

      Discovery: Scan Type

      Assessment: Malware

      Report: Output

      Advanced: Scan Type

      All Basic Settings

      Report: Output

      All Basic Settings

      All Report groups

      Advanced: Debug

      All Basic Settings

      Report: Output

      Advanced: Debug

      All Basic Settings

      Discovery: Host Discovery

      Advanced: Scan Type

      All Basic Settings

      Discovery: Scan Type

      Report: Output

      Advanced: Scan Type

      All Basic Settings

      Discovery: Host Discovery

      All Report groups

      Advanced: Scan Type

    5. If you want to perform a credentialed scan, click the Credentials tab. Specify the credentials that you want to use for the scan.

      Credentials
      All Credentials
      Cloud Services

      SSH

      Windows

      Database

      Host

      Miscellaneous

      Patch Management

      Plaintext Authentication

      Database

      Host

      Miscellaneous

      Patch Management

      Plaintext Authentication

      HTTP

      SSH

      Windows

      None
      None
      SSH

      Windows

      Patch Management

      SSH

      Windows

      Mobile

      Miscellaneous

      Mobile

      None
      None

      Database

      SSH

      Windows

      Miscellaneous

      Mobile

      SSH

      Windows

    6. If you want to use the scan to audit compliance, click the Compliance tab, and then specify which of the following platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file.

      Compliance/SCAP Required Credentials
      All Any credentials corresponding to the selected audits.

      AWS

      Microsoft Azure

      Rackspace

      Salesforce.com

      The corresponding Cloud Services credentials.

      None

      None

      None None
      None None
      None None
      None None
      None None
      None None
      None None
      None None
      Mobile Device Manager The corresponding AirWatch, Apple Profile Manager, or MobileIron credentials.
      None None

      Adtran AOS

      Bluecoat ProxySG

      Brocade Fabricos

      Check Point Gaia

      Cisco IOS

      Dell Force10 FTOS

      Extreme ExtremeXOS

      FireEye

      Fortigate Fortios

      HP Procurve

      Huawei VRP

      Juniper Junos

      Netapp Data Ontap

      SonicWALL SonicOs

      WatchGuard

      SSH
      None None
      All Any credentials corresponding to the selected audits.

      Linux (SCAP)

      Linux (OVAL)

      Windows (SCAP)

      Windows (OVAL)

      None
    7. (Optional; Advanced Network Scan only) Select security checks by plugin.

  5. If you wish to save the scan to launch at a later date, click Save.

    Tenable.io saves the scan.

    -or-

    If you want to launch the scan immediately:

    1. Click the down button
    2. Click Launch.

    Tenable.io saves and launches the scan.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.