Templates

Templates are used to facilitate the creation of Scans and Policies.

When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.

Tip: You can use the search box on the top navigation bar to filter templates in the section currently in view.

The templates that are available may vary. The Nessus interface provides brief explanations of each template in the product. This documentation includes a comprehensive explanation of the settings that are available for each template. Additionally, the tables on this page list the templates that are available in Nessus and the settings available for those templates.

Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:

Patch management.
Mobile device management.
Cloud infrastructure audit.
Database checks that require authentication.

Scanner Templates

Template	Description	Settings	Credentials	Compliance/SCAP
Advanced Scan	Scans without any recommendations.	All	All	All
Audit Cloud Infrastructure	Audits the configuration of third-party cloud services.	All Basic Settings Report: Output	Cloud Services	AWS Microsoft Azure Rackspace Salesforce.com
Badlock Detection	Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128.	Basic: General, Permissions Discovery: Port Scanning Assessment: General, Windows, Malware All Report groups Advanced: Debug Settings	None	Unix Unix File Contents Windows Windows File Contents
Bash Shellshock Detection	Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169.	All Basic Settings Discovery: Scan Type Assessment: Web Applications Report: Output All Advanced Settings	Database Host Miscellaneous Patch Management Plaintext Authentication	None
Basic Network Scan	Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.	All Basic Settings Discovery: Scan Type Assessment: General, Brute Force, Web Applications, Windows All Report groups Advanced: Scan Type	Database Host Miscellaneous Patch Management Plaintext Authentication	None
Credentialed Patch Audit	Authenticates hosts and enumerates missing updates.	All Basic Settings Discovery: Scan Type Assessment: Brute Force, Windows, Malware All Report groups Advanced: Scan Type	SSH Windows	None
DROWN Detection	Performs remote checks for CVE-2016-0800.	All Basic Settings Discovery: Scan Type Report: Output Advanced: General, Performance, Debug	None	None
Host Discovery	Performs a simple scan to discover live hosts and open ports.	All Basic Settings Discovery: Scan Type Report: Output	None	None
Intel AMT Security Bypass	Performs remote and local checks for CVE-2017-5689.	Basic: General, Schedule, Notifications Discovery: Scan Type Report: Output All Advanced Settings	Windows
Internal PCI Network Scan	Performs an internal PCI DSS (11.2.1) vulnerability scan.	All Basic Settings Discovery: Scan Type Assessment: General, Brute Force, Web Applications, Windows All Report groups Advanced: Scan Type	SSH Windows Patch Management	None
Malware Scan	Scans for malware on Windows and Unix systems.	All Basic Settings Discovery: Scan Type Assessment: Malware Report: Output Advanced: Scan Type	SSH Windows	None
MDM Config Audit	Audits the configuration of mobile device managers.	All Basic Settings Report: Output	Mobile	Mobile Device Manager
Mobile Device Scan	Assesses mobile devices via Microsoft Exchange or an MDM.	All Basic Settings All Report groups Advanced: Debug	Miscellaneous Mobile	None
Offline Config Audit	Audits the configuration of network devices.	All Basic Settings Report: Output Advanced: Debug	None	Adtran AOS Bluecoat ProxySG Brocade Fabricos Check Point Gaia Cisco IOS Dell Force10 FTOS Extreme ExtremeXOS Fireeye Fortigate Fortios HP Procurve Huawei VRP Juniper Junos Netapp Data Ontap Sonicwall Sonicos Watchguard
PCI Quarterly External Scan	Performs quarterly external scans as required by PCI.	All Basic Settings Discovery: Host Discovery Advanced: Scan Type	None	None
Policy Compliance Auditing	Audits system configurations against a known baseline.	All Basic Settings Discovery: Scan Type Report: Output Advanced: Scan Type	Database SSH Windows Miscellaneous Mobile	All
SCAP and OVAL Auditing	Audits systems using SCAP and OVAL definitions.	All Basic Settings Discovery: Host Discovery All Report groups Advanced: Scan Type	SSH Windows	Unix (SCAP) Unix (OVAL) Windows (SCAP) Windows (OVAL)

Agent Templates

Template	Description	Settings	Credentials	Compliance/SCAP
Advanced Agent Scan Note: When you create an agent scan using the Advanced Agent Scan template, you must also select the plugins you want to use for the scan.	Scans without any recommendations.	All Basic Settings Discovery: Port Scanning Assessment: General, Windows, Malware All Report groups Advanced: Debug	None	Unix Unix File Contents Windows Windows File Contents
Basic Agent Scan	Scans systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Assessment: General, Windows All Report groups Advanced: Debug	None	None
Malware Scan	Scans for malware on systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Assessment: General, Malware All Report groups Advanced: Debug	None	None
Policy Compliance Auditing	Audits systems connected via Nessus Agents.	All Basic Settings Discovery: Port Scanning Report: Output Advanced: Debug	None	Unix Unix File Contents Windows Windows File Contents

Copyright 2017. Tenable Network Security, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are registered trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.