Discovery Scan Settings
Note: If a scan is based on a policy, you cannot configure Discovery settings in the scan. You can only modify these settings in the related policy.
Note: Tenable Nessus indicates the settings that are required by a particular scan or policy.
The Discovery settings relate to discovery and port scanning, including port ranges and methods.
Certain Tenable-provided scanner templates include
If you select the Custom preconfigured setting option, or if you are using a scanner template that does not include preconfigured discovery settings, you can manually configure Discovery settings in the following categories:
Note: The following tables include settings for the Advanced Scan template. Depending on the template you select, certain settings may not be available, and default values may vary.
Host Discovery
By default, Tenable Nessus enables some settings in the Host Discovery section. When you first access the Host Discovery section, the Ping the remote host item appears and is set to On.
The Host Discovery section includes the following groups of settings:
| Setting | Default Value | Description |
|---|---|---|
| Ping the remote host | On | If set to On, the scanner pings remote hosts on multiple ports to determine if they are alive, and the additional options General Settings and Ping Methods appear. If set to Off, the scanner does not ping remote hosts during the scan. Note: To scan VMware guest systems, Ping the remote host must be set to Off. |
| Scan unresponsive hosts | Disabled | Specifies whether the Nessus scanner scans hosts that do not respond to any ping methods. This option is only available for scans using the |
| General Settings | | |
| Test the local Nessus host | Enabled | When enabled, includes the local Nessus host in the scan. Use this when the Nessus host falls within the target network range for the scan. |
| Use Fast Network Discovery | Disabled | When disabled, if a host responds to ping, Tenable Nessus attempts to avoid false positives by performing additional tests to verify that the response did not come from a proxy or load balancer. These checks can take some time, especially if the remote host is firewalled. When enabled, Tenable Nessus skips these checks. |
| Ping Methods | | |
| ARP | Enabled | Ping a host using its hardware address via Address Resolution Protocol (ARP). This only works on a local network. |
| TCP | Enabled | Ping a host using TCP. |
| Destination ports (TCP) | built-in | Specifies the list of ports that are checked via TCP ping. Type one of the following: built-in, a single port, or a comma-separated list of ports. For more information about which ports built-in specifies, see the knowledge base article. |
| ICMP | Enabled | Ping a host using the Internet Control Message Protocol (ICMP). |
| Assume ICMP unreachable from the gateway means the host is down | Disabled | When a ping is sent to a host that is down, its gateway may return an ICMP Unreachable message. When this option is enabled, the scanner treats any ICMP Unreachable message it receives as meaning the targeted host is dead, which speeds up discovery on some networks. Note: Some firewalls and packet filters send the same message for hosts that are up when the probed port or protocol is filtered; with this option enabled, the scan then considers such a host down when it is actually up. |
| Maximum number of retries | 2 | Specifies the number of attempts to retry pinging the remote host. |
| UDP | Disabled | Ping a host using the User Datagram Protocol (UDP). UDP is a stateless protocol, meaning that communication is not performed with handshake dialogues. UDP-based communication is not always reliable, and because of the nature of UDP services and screening devices, they are not always remotely detectable. |
| Fragile Devices | | |
| Scan Network Printers | Disabled | When enabled, the scanner scans network printers. |
| Scan Novell Netware hosts | Disabled | When enabled, the scanner scans Novell NetWare hosts. |
| Scan Operational Technology devices | Disabled | When enabled, the scanner performs a full scan of Operational Technology (OT) devices such as programmable logic controllers (PLCs) and remote terminal units (RTUs) that monitor environmental factors and the activity and state of machinery. When disabled, the scanner uses ICS/SCADA Smart Scanning to cautiously identify OT devices and stops scanning them once they are discovered. |
| Wake-on-LAN | | |
| List of MAC Addresses | None | The Wake-on-LAN (WOL) settings control which hosts the scanner sends WOL magic packets to before performing a scan. Provide the hosts you want to start prior to scanning by uploading a text file that lists one MAC address per line, for example `33:24:4C:03:CC:C7` on one line and `FF:5C:2C:71:57:79` on the next. |
| Boot time wait (in minutes) | 5 | The amount of time to wait for hosts to start before performing the scan. |
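Two of the Host Discovery settings above take free-text input that is easy to get wrong: the TCP ping Destination ports value (`built-in`, a single port, or a comma-separated list) and the Wake-on-LAN MAC address file (one MAC per line). The following is an added example, not Tenable code, that validates both inputs before they are put into a scan or policy and shows the standard WOL magic packet layout (six `0xFF` bytes followed by the MAC repeated 16 times) that a scanner broadcasts for each listed host. Function names and the sample file contents are assumptions made for this example; the two MAC addresses are the ones the table uses.

```python
"""Pre-flight validation for the TCP ping port list and the WOL MAC file.
Example code written for this page; not part of Tenable Nessus.
The magic-packet layout is the standard Wake-on-LAN format."""

import re

PORT_MIN, PORT_MAX = 1, 65535


def parse_tcp_ping_ports(value):
    """Return None for the keyword 'built-in' (meaning: use the scanner's own
    default list), otherwise a sorted, de-duplicated list of port numbers.
    Raises ValueError for anything that is not a port or a port list."""
    text = value.strip()
    if text.lower() == "built-in":
        return None
    ports = set()
    for item in text.split(","):
        item = item.strip()
        if not item.isdigit():
            raise ValueError(f"not a port number: {item!r}")
        port = int(item)
        if not PORT_MIN <= port <= PORT_MAX:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return sorted(ports)


def normalize_mac(text):
    """Accept 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' and return the
    upper-case colon form; anything else is rejected."""
    parts = re.split(r"[:-]", text.strip())
    hexdigits = set("0123456789abcdefABCDEF")
    if len(parts) != 6 or not all(len(p) == 2 and set(p) <= hexdigits for p in parts):
        raise ValueError(f"malformed MAC address: {text!r}")
    return ":".join(p.upper() for p in parts)


def parse_mac_list(file_text):
    """Parse the WOL upload format: one MAC address per line, blank lines
    ignored. The line number is included in the error so a bad upload can
    be fixed quickly."""
    macs = []
    for lineno, line in enumerate(file_text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        try:
            macs.append(normalize_mac(line))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
    return macs


def magic_packet(mac):
    """Build the 102-byte Wake-on-LAN magic packet for one host:
    6 x 0xFF synchronisation bytes, then the 6-byte MAC repeated 16 times."""
    raw = bytes.fromhex(normalize_mac(mac).replace(":", ""))
    return b"\xff" * 6 + raw * 16


def rejects(func, value):
    """True if func(value) raises ValueError; used to check the validators."""
    try:
        func(value)
    except ValueError:
        return True
    return False


# Constructed sample upload: the two MACs from the table, the second one
# deliberately written in lower-case hyphen form plus a trailing blank line.
SAMPLE_MAC_FILE = "33:24:4C:03:CC:C7\nff-5c-2c-71-57-79\n\n"

if __name__ == "__main__":
    print(parse_tcp_ping_ports("22, 80,443,80"))   # [22, 80, 443]
    for mac in parse_mac_list(SAMPLE_MAC_FILE):
        print(mac, len(magic_packet(mac)), "bytes")
```

Running the file on the constructed sample prints the normalised port list and, for each MAC, a 102-byte packet length; an upload with a short or non-hex MAC fails with the offending line number instead of being silently skipped by the scan.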
Port Scanning
The Port Scanning section includes settings that define how the port scanner behaves and which ports to scan.
The Port Scanning section includes the following groups of settings:
Service Discovery
The Service Discovery section includes settings that attempt to map each open port with the service that is running on that port.
The Service Discovery section includes the following groups of settings:
Identity
The Identity section allows you to enable or disable the collection of Active Directory data.
| Setting | Default Value | Description |
|---|---|---|
| General Settings | | |
| Collect Identity Data from Active Directory | Disabled | Enable this setting to allow Tenable Nessus to gather user, computer, and group objects from Active Directory. This setting requires that you specify an Active Directory user account for the scan. You also need to enable LDAPS on the Domain Controller that the scan is targeting. |