Basic Settings for Scans

Note: This topic describes Basic settings you can set in scans. For Basic settings in policies, see Basic Settings for Policies.

The Basic scan settings are used to specify certain organizational and security-related aspects of the scan, including the name of the scan, its targets, whether the scan is scheduled, and who has access to the scan, among other settings.

Configuration items that are required by a particular scan are indicated in the Tenable Nessus interface.

The Basic settings include the follow sections:

The following tables list all available Basic settings by section.

General

Setting	Default Value	Description
Agent Groups	None	(Agent scans only) Specifies the agent group or groups you want the scan to target. Select an existing agent group from the drop-down box, or create a new agent group. For more information, see Create a New Agent Group.
Dashboard	Disabled	(Tenable Nessus Manager only) (Optional) Determines whether the scan results page defaults to the interactive dashboard view.
Description	None	(Optional) Specifies a description of the scan.
Folder	My Scans	Specifies the folder where the scan appears after being saved.
Name	None	Specifies the name of the scan. This value is shown on the Tenable Nessus interface.
Policy	None	This setting appears only when the scan owner edits an existing scan that is based on a policy. Note: After scan creation, you cannot change the Tenable-provided template on which a scan is based. In the drop-down box, select a policy on which to base the scan. You can select policies for which you have Can View or higher permissions. In most cases, you set the policy at scan creation, then keep the same policy each time you run the scan. However, you may want to change the policy when troubleshooting or debugging a scan. For example, changing the policy makes it easy to enable or disable different plugin families, change performance settings, or apply dedicated debugging policies with more verbose logging. When you change the policy for a scan, the scan history retains the results of scans run under the previously-assigned policy.
Scan Window	1 hour	(Agent scans only) (Required) Specifies the time frame during which agents must report in order to be included and visible in vulnerability reports. Use the drop-down box to select an interval of time, or click to type a custom scan window.
Scanner	Auto-Select	(Tenable Nessus Manager only) Specifies the scanner that performs the scan. The scanners you can select for this parameter depend on the scanners and scanner groups configured for your Tenable Vulnerability Management instance, as well as your permissions for those scanners or groups.
Select Targets	n/a	(--aws-scanner Tenable Nessus scanners only) Opens a window that allows you to select from a list of visible network scans via AWS IMDSv2. Use this page to select the AWS targets to scan, then click Confirm.
Show Dashboard	Off	Select this check box to show a scan dashboard as the scan's default landing page.
Target URL	None	(Web App templates only) Specifies the URL for the target you want to scan, as it appears on your Tenable Nessus Web Application Scanning license. Regular expressions and wildcards are not allowed. Targets must start with the http:// or https:// protocol identifier. Note: If the URL you type in the Target box has a different FQDN host from the URL that appears on your license, and your scan runs successfully, the new URL you type counts as an additional asset on your license. Note: If you create a user-defined scan template, the target setting is not saved to the template. Type a target each time you create a new scan.
Targets	None	Specifies one or more targets to be scanned. If you select a target group or upload a targets file, you are not required to specify additional targets. Targets can be specified using a number of different formats. Tip: You can force Tenable Nessus to use a given host name for a server during a scan by using the `hostname[ip]` syntax (e.g., `www.example.com[192.168.1.1]`).
Upload Targets	None	Uploads a text file that specifies targets. The targets file must be formatted in the following manner: ASCII file format Only one target per line No extra spaces at the end of a line No extra lines following the last target Note: Unicode/UTF-8 encoding is not supported.

Schedule

By default, scans are not scheduled. When you first access the Schedule section, the Enable Schedule setting appears, set to Off. To modify the settings listed on the following table, click the Off button. The rest of the settings appear.

Setting	Default Value	Description
Frequency	Once	Specifies how often the scan is launched. Once: Schedule the scan at a specific time. Daily: Schedule the scan to occur every 1-20 days, at a specific time. Weekly: Schedule the scan to occur every 1-20 weeks, by time and day or days of the week. Monthly: Schedule the scan to occur every 1-20 months, by: Day of Month: The scan repeats monthly on a specific day of the month at the selected time. For example, if you select a start date of October 3, the scan repeats on the 3rd of each subsequent month at the selected time. Week of Month: The scan repeats monthly on a specific day of the week. For example, if you select a start date of the first Monday of the month, the scan runs on the first Monday of each subsequent month at the selected time. Note: If you schedule your scan to repeat monthly, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (for example, the 29th), Tenable Nessus cannot run the scan on those days. Yearly: Schedule the scan to occur every year, by time and day, for up to 20 years.
Starts	Varies	Specifies the exact date and time when a scan launches. The starting date defaults to the date when you are creating the scan. The starting time is the nearest half-hour interval. For example, if you create your scan on 09/18/2023 at 9:17 AM, the default starting date and time is set to 09/18/2023 at 09:30 AM.
Timezone	America/New York	Specifies the timezone of the value set for Starts.
Repeat Every	Varies	Specifies the interval at which a scan is relaunched. The default value of this item varies based on the frequency you choose.
Repeat On	Varies	Specifies what day of the week a scan repeats. This item appears only if you specify Weekly for Frequency. The value for Repeat On defaults to the day of the week on which you create the scan.
Repeat By	Day of the Month	Specifies when a monthly scan is relaunched. This item appears only if you specify Monthly for Frequency.
Summary	N/A	Provides a summary of the schedule for your scan based on the values you have specified for the available settings.

Notifications

Setting	Default Value	Description
Email Recipient(s)	None	Specifies zero or more email addresses, separated by commas, that are alerted when a scan completes and the results are available.
Attach Report	Off	(Tenable Nessus Professional only) Specifies whether you want to attach a report to each email notification. This option toggles the Report Type and Max Attachment Size settings.
Report Type	Nessus	(Tenable Nessus Professional only) Specifies the report type (CSV, Nessus, or PDF) that you want to attach to the email.
Max Attachment Size	25	(Tenable Nessus Professional only) Specifies the maximum size, in megabytes (MB), of any report attachment. If the report exceeds the maximum size, then it is not attached to the email. Tenable Nessus does not support report attachments larger than 50 MB.
Result Filters	None	Defines the type of information to be emailed.

Permissions

Using settings in the Permissions section, you can assign various permissions to groups and individual users. When you assign a permission to a group, that permission applies to all users within the group. The following table describes the permissions that can be assigned.

Tip: Tenable recommends assigning permissions to user groups, rather than individual users, to minimize maintenance as individual users leave or join your organization.

Permission	Description
No Access	Groups and users set to No Access cannot interact with the scan in any way. When you create a scan, by default no other users or groups have access to it.
Can View	Groups and users set to Can View can view the results of the scan.
Can Control	Groups and users set to Can Control can launch, pause, and stop a scan, as well as view its results.
Can Configure	Groups and users set to Can Configure can modify the configuration of the scan in addition to all other permissions.