TOC & Recently Viewed

Recently Viewed Topics

Scan and Policy Templates

Templates facilitate the creation of Scans and Policies.

When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.

Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:

  • Patch management.
  • Mobile device management.
  • Cloud infrastructure audit.
  • Database checks that require authentication.

For information on agent templates, see Agent Scan and Policy Templates.

The following tables list the templates that are available in and brief explanations of each template.

When you configure a Tenable-provided scan template, you can modify only the settings included for the template type. When you create a user-defined template, you can modify a custom set of settings for your scan.

For descriptions of all settings, see Settings.

Scanner Templates

Scanner templates fall into three categories: Discovery, Vulnerabilities, and Compliance.

Tip: In the interface, use the search box to quickly find a template.



Host Discovery

Performs a simple scan to discover live hosts and open ports.

Advanced Scan

Scans without any recommendations.

Basic Network Scan

Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.

Badlock Detection

Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128.

Bash Shellshock Detection

Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169.

Credentialed Patch Audit

Authenticates hosts and enumerates missing updates.

DROWN Detection

Performs remote checks for CVE-2016-0800.

Intel AMT Security Bypass

Performs remote and local checks for CVE-2017-5689.

Malware Scan

Scans for malware on Windows and Unix systems.

Note: See the Application, Malware, and Content Audits video and the Application, Malicious Software, and Content Audits video for more information about scanning for malware.

Mobile Device Scan

Assesses mobile devices via Microsoft Exchange or an MDM.

Shadow Brokers Scan

Scans for vulnerabilities disclosed in the Shadow Brokers leaks.

Spectre and Meltdown Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

WannaCry Ransomware

Scans for the WannaCry ransomware.

Audit Cloud Infrastructure

Audits the configuration of third-party cloud services.

Internal PCI Network Scan

Performs an internal PCI DSS (11.2.1) vulnerability scan.

MDM Config Audit

Audits the configuration of mobile device managers.

Offline Config Audit

Audits the configuration of network devices.

PCI Quarterly External Scan

Performs quarterly external scans as required by PCI.

Note: Because the nature of a PCI ASV scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate data. This is by design.

Policy Compliance Auditing

Audits system configurations against a known baseline.

SCAP and OVAL Auditing

Audits systems using SCAP and OVAL definitions.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.