Agent Templates

You can use templates to create an agent scan or policy.

In both Nessus Manager and Tenable.io, default templates for agent scans appear in the Nessus Agent tab. The manager interface provides brief explanations of each default template.

Note: If you create custom policies for agent scans, those templates appear in the User Defined tab.

The following table briefly describes the settings for the default agent scan templates. You may also have access to special templates.

Nessus Agent Templates

Agent templates fall into three categories: Vulnerabilities, Compliance, and Inventory Collection (Tenable.io only).

Template

Description
Vulnerabilities

Advanced Agent Scan

An agent scan without any recommendations, so that you can fully customize the scan settings. In Tenable.io, the Advanced Agent Scan template allows for two scanning methods:

  • Scan Window - Specify the timeframe during which the agent must report to be included and visible in vulnerability reports.

  • Triggered Scans - Provide the agent with specific criteria that indicates when to launch a scan. The agent launches the scan when one (or more) of the criteria are met. For more information, see Basic Settings in the Tenable.io User Guide.

Note: When you create an agent scan using the Advanced Agent Scan template, you must also select the plugins you want to use for the scan.
Basic Agent Scan

Scans systems connected via Nessus Agents.
Malware Scan

Scans for malware on systems connected via Nessus Agents.

Note: See the Application, Malware, and Content Audits video and the Application, Malicious Software, and Content Audits video for more information about scanning for malware in Nessus.
Compliance
Policy Compliance Auditing

Audits system configurations against a known baseline for systems connected via Nessus Agents.
SCAP and OVAL Auditing

Audits systems using SCAP and OVAL definitions for systems connected via Nessus Agents.
Inventory Collection
Collect Inventory

(Tenable.io only) Scans a compiled inventory via Frictionless Assessment Nessus Agents. For more information, see the Special Use Templates in the Nessus Agent user guide.

Note: Collect Inventory scans provide coverage for:

  • RedHat local security checks

  • CentOS local security checks

  • Amazon Linux local security checks

  • Debian local security checks

  • Fedora local security checks

  • SUSE local security checks

  • Ubuntu local security checks

  • Windows/Microsoft bulletin checks (All Windows roll-up checks since 2017)

Collect Inventory scans do not currently provide coverage for:

  • Malware and compliance checks

  • Third-party Linux application detection (for example, Apache HTTP or Postgres) for instances not installed via dpkg or rpm

  • Third-party Windows applications (for example, Google Chrome or Mozilla Firefox)

  • Microsoft product Patch Tuesday updates (for example, Exchange or Sharepoint)

Note: Nessus Agents running on MacOS and Nessus Agents older than version 10.1.0 do not execute inventory scans, and are excluded from scan results.