Recently Viewed Topics
Scan and Policy Templates
Templates facilitate the creation of Scans and Policies.
When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.
Tip: You can use the search box in the top navigation bar to filter templates in the section currently in view.
The templates that are available may vary. The Nessus interface provides brief explanations of each template in the product. This documentation includes a comprehensive explanation of the settings available for each template.
The following tables list the templates that are available in Nessus and the settings that are available for those templates.
Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:
- Patch management.
- Mobile device management.
- Cloud infrastructure audit.
- Database checks that require authentication.
For information on agent templates, see Agent Scan and Policy Templates.
Scanner Templates
| Template |
Description |
Settings | Credentials | Compliance/SCAP |
|---|---|---|---|---|
| Advanced Dynamic Scan |
An advanced scan without any recommendations, where you can configure dynamic plugin filters instead of manually selecting plugin families or individual plugins. As Tenable, Inc. releases new plugins, any plugins that match your filters are automatically added to the scan or policy. This allows you to tailor your scans for specific vulnerabilities while ensuring that the scan stays up to date as new plugins are released. See Configure Dynamic Plugins. |
All | All | All |
| Advanced Scan |
Scans without any recommendations. |
|
||
| Audit Cloud Infrastructure |
Audits the configuration of third-party cloud services. |
|
AWS Microsoft Azure Rackspace Salesforce.com |
|
| Badlock Detection |
Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128. |
|
None |
Unix Unix File Contents Windows Windows File Contents |
| Bash Shellshock Detection |
Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169. |
Scan Type Web Applications Output
|
None | |
| Basic Network Scan |
Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems. |
Scan Type General, Brute Force, Web Applications, Windows All
|
|
None |
| Credentialed Patch Audit |
Authenticates hosts and enumerates missing updates. |
Scan Type Brute Force, Windows, Malware All
|
|
None |
| DROWN Detection |
Performs remote checks for CVE-2016-0800. |
Scan Type Output
|
None | None |
| Host Discovery |
Performs a simple scan to discover live hosts and open ports. |
Scan Type Output
|
None | None |
|
Intel AMT Security Bypass |
Performs remote and local checks for CVE-2017-5689. |
All Scan Type Output
|
|
|
| Internal PCI Network Scan |
Performs an internal PCI DSS (11.2.1) vulnerability scan. |
Scan Type General, Brute Force, Web Applications, Windows All
|
|
None |
| Malware Scan |
Scans for malware on Windows and Unix systems. Note: See the Application, Malware, and Content Audits video and the Application, Malicious Software, and Content Audits video for more information about scanning for malware. |
Scan Type Malware Output
|
|
None |
| MDM Config Audit |
Audits the configuration of mobile device managers. |
Output |
|
Mobile Device Manager |
| Mobile Device Scan |
Assesses mobile devices via Microsoft Exchange or an MDM. |
|
None | |
| Offline Config Audit |
Audits the configuration of network devices. |
|
None |
Adtran AOS Bluecoat ProxySG Brocade Fabricos Check Point Gaia Cisco IOS Dell Force10 FTOS Extreme ExtremeXOS Fireeye Fortigate Fortios HP Procurve Huawei VRP Juniper Junos Netapp Data Ontap Sonicwall Sonicos Watchguard |
| PCI Quarterly External Scan |
Performs quarterly external scans as required by PCI. Note: Because the nature of a PCI ASV scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate Tenable.io data. This is by design. |
All
|
|
None |
| Policy Compliance Auditing |
Audits system configurations against a known baseline. |
|
|
All |
| SCAP and OVAL Auditing |
Audits systems using SCAP and OVAL definitions. |
Host Discovery All
|
|
|
|
Shadow Brokers Scan |
Scans for vulnerabilities disclosed in the Shadow Brokers leaks. |
|
|
None |
| Spectre and Meltdown | Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. |
Scan Type
|
|
None |
|
WannaCry Ransomware |
Scans for the WannaCry ransomware. |
|
|
None |
| Web Application Tests | Scan for published and unknown web vulnerabilities. |
General, Web Applications |
|
None |