Create an Attack Surface Discovery Scan with Bit Discovery

Note: The Attack Surface Discovery scan template is only available in Tenable Nessus Expert.

You can use Tenable Nessus's integration with Bit Discovery to create an attack surface discovery scan. This scan type allows you to scan top-level domains and generate DNS records based on the scan findings. Tenable Nessus Expert allows you to scan up to five different licensed domains.

To create an attack surface discovery scan:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the upper right corner, click the New Scan button.

    The Scan Templates page appears.

  3. Under Discovery, click the Attack Surface Discovery template.
  4. Configure the scan:
    1. For Basic, enter the scan name, description, schedule, and the folder to save the scan in.
    2. For Discovery, enter the top-level domains you want to scan. You can enter up to five domains.

      Note: You can only enter two-part domains (for example, you can enter tenable.com, but you cannot enter docs.tenable.com). If you need to scan multiple domains, list them in a comma-separated list (for example, tenable.com, test.com, example.com).
  5. Do one of the following:

    • To save the scan configuration for later, click Save. You can launch it from the folder you selected in step 4.

    • To launch the scan immediately, click the down button, and then click Launch.

      Tenable Nessus runs the attack surface discovery scan, and the My Scans page appears.

What to do next:

  • Launch the scan.

  • View the scan results.

  • Modify the scan settings.

  • Create a scan report.

    Note: Tenable Nessus only offers two report templates for attack surface discovery scans: Complete List of Vulnerabilities by Host and Detailed Vulnerabilities By Host.
  • Export the scan results.

    Note: Only the Nessus DB export option is available for attack surface discovery scans.