Templates

Templates are used to facilitate the creation of Scans and Policies.

When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.

Tip: You can use the search box on the top navigation bar to filter templates in the section currently in view.

The templates that are available may vary. The Tenable.io interface provides brief explanations of each template in the product. This documentation includes a comprehensive explanation of the settings that are available for each template. Additionally, the following tables list the templates that are available in Tenable.io and the settings available for those templates.

Scanner Templates

Template	Description	Settings	Credentials	Compliance/SCAP
Advanced Network Scan	Scans without any recommendations.	All	All	All
Audit Cloud Infrastructure	Audits the configuration of third-party cloud services.	All Basic Settings Report: Output Advanced: Debug Settings	Cloud Services	AWS Microsoft Azure Rackspace Salesforce.com
Badlock Detection	Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128.	All Basic Settings Discovery: Scan Type Report: Output All Advanced Settings	Host	None
Bash Shellshock Detection	Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169.	All Basic Settings Discovery: Scan Type Assessment: Web Applications Report: Output All Advanced Settings	Host	None
Basic Network Scan	Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.	All Basic Settings Discovery: Scan Type Assessment: Scan Type All Report groups Advanced: Scan Type	Database Host Miscellaneous Patch Management Plaintext Authentication	None
Credentialed Patch Audit	Authenticates hosts and enumerates missing updates.	All Basic Settings Discovery: Scan Type Assessment: Brute Force, Windows, Malware All Report groups Advanced: Scan Type	Database Host Miscellaneous Patch Management Plaintext Authentication	None
DROWN Detection	Performs remote checks for CVE-2016-0800.	All Basic Settings Discovery: Scan Type Report: Output All Advanced Settings	None	None
Host Discovery	Performs a simple scan to discover live hosts and open ports.	All Basic Settings Discovery: Scan Type Report: Output	None	None
Intel AMT Security Bypass Detection	Performs remote and local checks for CVE-2017-5689	All Basic Settings Discovery: Scan Type Report: Output All Advanced Settings	Host	None
Internal PCI Network Scan	Performs an internal PCI DSS (11.2.1) vulnerability scan.	All Basic Settings Discovery: Scan Type Assessment: Scan Type All Report groups Advanced: Scan Type	Host Patch Management	None
Malware Scan	Scans for malware on Windows and Unix systems.	All Basic Settings Discovery: Scan Type Assessment: Malware Report: Output Advanced: Scan Type	Host	None
MDM Config Audit	Audits the configuration of mobile device managers.	All Basic Settings Report: Output	Mobile	Mobile Device Manager
Mobile Device Scan	Assesses mobile devices via Microsoft Exchange or an MDM.	All Basic Settings All Report groups Advanced: Debug	Miscellaneous Mobile	None
Offline Config Audit	Audits the configuration of network devices.	All Basic Settings Report: Output Advanced: Debug	None	Adtran AOS Arista EOS Bluecoat ProxySG Brocade FabricOS Check Point Gaia Cisco IOS Dell Force10 FTOS Extreme ExtremeXOS Fireeye Fortigate Fortios HP Procurve Huawei VRP Juniper Junos Netapp Data Ontap Sonicwall Sonicos Watchguard
PCI Quarterly External Scan	Performs quarterly external scans as required by PCI.	All Basic Settings Discovery: Host Discovery Advanced: Scan Type	None	None
Policy Compliance Auditing	Audits system configurations against a known baseline.	All Basic Settings Discovery: Scan Type Report: Output Advanced: Scan Type	Database Host Miscellaneous Mobile	All
SCAP and OVAL Auditing	Audits systems using SCAP and OVAL definitions.	All Basic Settings Discovery: Scan Type All Report groups Advanced: Scan Type	Host	Linux (SCAP) Linux (OVAL) Windows (SCAP) Windows (OVAL)
Shadow Brokers Scan	Scans for vulnerabilities disclosed in the Shadow Brokers leaks.	All Basic Settings Discovery: Scan Type Report: Output All Advanced Settings	Host	None
WannaCry Ransomware Detection	Scans for the WannaCry ransomware.	All Basic Settings Discovery: Scan Type Report: Output All Advanced Settings	Host	None

Agent Templates

Template	Description	Settings	Credentials	Compliance/SCAP
Advanced Agent Scan When you create an agent scan using the Advanced Agent Scan template, you must also select the plugins you want to use for the scan.	Scans without any recommendations.	All Basic Settings Discovery: Port Scanning Assessment: General, Windows, Malware All Report groups Advanced: Debug	None	Unix Unix File Contents Windows Windows File Contents
Basic Agent Scan	Scans systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Assessment: Scan Type All Report groups Advanced: Debug	None	None
Malware Scan	Scans for malware on systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Assessment: General, Malware All Report groups Advanced: Debug	None	None
Policy Compliance Auditing	Audits systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Report: Output Advanced: Debug	None	Unix Unix File Contents Windows Windows File Contents
SCAP and OVAL Agent Auditing	Audits systems using SCAP and OVAL definitions.	All Basic Settings Discovery: Port Scanning Report: Output Advanced: Debug	None	Linux (SCAP) Linux (OVAL) Windows (SCAP) Windows (OVAL)

Copyright © 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.