Policies

Required user role when using Tenable Nessus Manager: Standard, Administrator, or System Administrator

A policy is a set of predefined configuration options related to performing a scan. After you create a policy, you can select it as a template when you create a scan.

Note: You cannot create and launch scans, create or view policies or plugin rules, or use the upgrade assistant while Tenable Nessus compiles plugins.

Tip: For information about default policy templates and settings, see Scan Templates.

Use the following procedures to manage your policies:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Policies.

    The Policies page appears.

  3. In the upper right corner, click the New Policy button.

    The Policy Templates page appears.

  4. Click the policy template that you want to use.

  5. Configure the policy's settings.

  6. Click the Save button.

    Tenable Nessus saves the policy.

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Policies.

  3. In the policies table, select the check box on the row corresponding to the policy that you want to configure.

    In the upper-right corner, the More button appears.

  4. Click the More button.

  5. Click Configure.

    The Configuration page for the policy appears.

  6. Modify the settings.

  7. Click the Save button.

    Tenable Nessus saves the settings.

You can export an existing scan policy in Tenable Nessus as a .nessus file and import it into a different Tenable Nessus installation. You can then view and modify the configuration settings for the imported policy.

To export a policy:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Policies.

    The Policies page appears.

  3. In the row of the policy that you want to export, click .

    The policy downloads to your machine as a .nessus file. You can import the policy into a different Tenable Nessus installation, or you can save it for future use.

You can export a Tenable Nessus policy as a .nessus file and import it in a different Tenable Nessus installation. You can then view and modify the configuration settings for the imported policy. You cannot import a Nessus DB file as a policy.

To import a policy:

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Policies.

    The Policies page appears.

  3. In the upper-right corner, click Import.

    Your browser's file manager window appears.

  4. Browse to and select the scan file that you want to import.

    Note: The supported file type is an exported Nessus (.nessus) file.

    Tenable Nessus imports the file as a policy.

  1. In the top navigation bar, click Scans.

    The My Scans page appears.

  2. In the left navigation bar, click Policies.

  3. On the policies table, on the row corresponding to the policy that you want to delete, click the delete button.

    A dialog box appears, confirming your selection to delete the policy.

  4. Click the Delete button.

    Tenable Nessus deletes the policy.

Policy Characteristics

  • Parameters that control technical aspects of the scan such as timeouts, number of hosts, type of port scanner, and more.
  • Credentials for local scans (for example, Windows, SSH), authenticated Oracle database scans, HTTP, FTP, POP, IMAP, or Kerberos based authentication.
  • Granular family or plugin-based scan specifications.
  • Database compliance policy checks, report verbosity, service detection scan settings, Unix compliance checks, and more.
  • Offline configuration audits for network devices, allowing safe checking of network devices without needing to scan the device directly.
  • Windows malware scans which compare the MD5 checksums of files, both known good and malicious files.