Scan and Policy Templates

Templates facilitate the creation of Scans and Policies.

When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.

Tip: You can use the search box in the top navigation bar to filter templates in the section currently in view.

The templates that are available may vary. The Tenable.io interface provides brief explanations of each template in the product. This documentation includes a comprehensive explanation of the settings available for each template.

The following tables list the templates that are available in Tenable.io and the settings that are available for those templates.

Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:

Patch management.
Mobile device management.
Cloud infrastructure audit.
Database checks that require authentication.

For information on agent templates, see Agent Scan and Policy Templates.

Scanner Templates

Template	Description	Settings	Credentials	Compliance/SCAP
Advanced Scan	Scans without any recommendations.	All	All	All
Audit Cloud Infrastructure	Audits the configuration of third-party cloud services.	Basic: All Report: Output Advanced: Debug Settings	Cloud Services	AWS Microsoft Azure Rackspace Salesforce.com
Badlock Detection	Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128.	Basic: General, Schedule, Notifications, Permissions Discovery: All Assessment: General, Windows, Malware Report: All Advanced: Debug Settings	None	Unix Unix File Contents Windows Windows File Contents
Bash Shellshock Detection	Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169.	Basic: All Discovery: Scan Type Assessment: Web Applications Report: Output Advanced: All	Database Host: All Miscellaneous Patch Management Plaintext Authentication	None
Basic Network Scan	Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.	Basic: All Discovery: Scan Type Assessment: General, Brute Force, Web Applications, Windows Report: All Advanced: Scan Type	Database Host : SSH, Windows Miscellaneous Patch Management Plaintext Authentication	None
Credentialed Patch Audit	Authenticates hosts and enumerates missing updates.	Basic: All Discovery: Scan Type Assessment: Brute Force, Windows, Malware Report: All Advanced: Scan Type	Host : SSH, Windows	None
DROWN Detection	Performs remote checks for CVE-2016-0800.	Basic: All Discovery: Scan Type Report: Output Advanced: All	None	None
Host Discovery	Performs a simple scan to discover live hosts and open ports.	Basic: All Discovery: Scan Type Report: Output Advanced: Performance Options	None	None
Intel AMT Security Bypass	Performs remote and local checks for CVE-2017-5689.	Basic: All Discovery: Scan Type Report: Output Advanced: All	Host : Windows
Internal PCI Network Scan	Performs an internal PCI DSS (11.2.1) vulnerability scan.	Basic: All Discovery: Scan Type Assessment: General, Brute Force, Web Applications, Windows Report: All Advanced: Scan Type	Host : SSH, Windows Patch Management Plaintext Authentication : HTTP	None
Malware Scan	Scans for malware on Windows and Unix systems. Note: See the Application, Malware, and Content Audits video and the Application, Malicious Software, and Content Audits video for more information about scanning for malware.	Basic: All Discovery: Scan Type Assessment: Malware Report: Output Advanced: Scan Type	Host : SSH, Windows	None
MDM Config Audit	Audits the configuration of mobile device managers.	Basic: All Report: Output	Mobile	Mobile Device Manager
Mobile Device Scan	Assesses mobile devices via Microsoft Exchange or an MDM.	Basic: All Report: All Advanced: Debug	Miscellaneous Mobile	None
Offline Config Audit	Audits the configuration of network devices.	Basic: All Report: Output Advanced: Debug	None	Adtran AOS Bluecoat ProxySG Brocade Fabricos Check Point Gaia Cisco IOS Dell Force10 FTOS Extreme ExtremeXOS Fireeye Fortigate Fortios HP Procurve Huawei VRP Juniper Junos Netapp Data Ontap Sonicwall Sonicos Watchguard
PCI Quarterly External Scan	Performs quarterly external scans as required by PCI. Note: Because the nature of a PCI ASV scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate Tenable.io data. This is by design.	Basic: All Discovery: Host Discovery Advanced: Scan Type	Plaintext Authentication : HTTP	None
Policy Compliance Auditing	Audits system configurations against a known baseline.	Basic: All Discovery: Scan Type Report: Output Advanced: Scan Type	Database Host Host : SSH, Windows Miscellaneous Mobile	All
SCAP and OVAL Auditing	Audits systems using SCAP and OVAL definitions.	Basic: All Discovery: Host Discovery Report: All Advanced: Scan Type	Host : SSH, Windows	SCAP Settings
Shadow Brokers Scan	Scans for vulnerabilities disclosed in the Shadow Brokers leaks.	Basic: All Discovery: Scan Type Report: Output Advanced: All	Host : SSH, Windows	None
Spectre and Meltdown	Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.	Basic: All Discovery: Scan Type Report: Output Advanced: All	Host : SSH, Windows Miscellaneous Patch Management Plaintext Authentication	None
WannaCry Ransomware	Scans for the WannaCry ransomware.	Basic: All Discovery: Scan Type Report: Output Advanced: All	Host : Windows	None

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable, Tenable.io, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.. Tenable.sc, Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.