Scan and Policy Templates
Templates facilitate the creation of scans and policies.
When you first create a scan or policy, the Scan Templates section or Policy Templates section appears, respectively. Nessus provides templates are for scanners and agents. If you create custom policies, they appear in the User Defined tab.
Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:
- Patch management.
- Mobile device management.
- Cloud infrastructure audit.
- Database checks that require authentication.
For information on agent templates, see Agent Scan and Policy Templates.
When you configure a Tenable-provided scan template, you can modify only the settings included for the scan template type. When you create a user-defined scan template, you can modify a custom set of settings for your scan.
For descriptions of all settings, see Settings.
Scanner Templates
Scanner templates fall into three categories:
-
Discovery — Tenable recommends using discovery scans to see what hosts are on your network, and associated information such as IP address, FQDN, operating systems, and open ports, if available. After you have a list of hosts, you can choose what hosts you want to target in a specific vulnerability scan.
-
Vulnerabilities — Tenable recommends using vulnerability scan templates for most of your organization's standard, day-to-day scanning needs.
-
Compliance — Tenable recommends using configuration scan templates to check whether host configurations are compliant with various industry standards. Compliance scans are sometimes referred to as configuration scans. For more information about the checks that compliance scans can perform, see Compliance and SCAP Settings.
Tip: In the Nessus user interface, use the search box to find a template quickly.
Template | Description |
---|---|
Discovery | |
Attack Surface Discovery | Uses Bit Discovery to scan a list of high-level domains and extract DNS-related data. For more information, see Create an Attack Surface Discovery Scan with Bit Discovery. |
Host Discovery |
Performs a simple scan to discover live hosts and open ports. |
Vulnerabilities | |
Basic Network Scan |
Performs a full system scan that is suitable for any host. Use this template to scan an asset or assets with all of Nessus's plugins enabled. For example, you can perform an internal vulnerability scan on your organization's systems. |
Advanced Network Scan |
The most configurable scan type. You can configure this scan template to match any policy. This template has the same default settings as the basic scan template, but it allows for additional configuration options. |
Advanced Dynamic Scan |
An advanced scan without any recommendations, where you can configure dynamic plugin filters instead of manually selecting plugin families or individual plugins. As Tenable, Inc. releases new plugins, any plugins that match your filters are automatically added to the scan or policy. This allows you to tailor your scans for specific vulnerabilities while ensuring that the scan stays up to date as new plugins are released. See Configure Dynamic Plugins. |
Malware Scan |
Scans for malware on Windows and Unix systems. |
Mobile Device Scan |
Assesses mobile devices via Microsoft Exchange or an MDM. |
Web Application Tests |
Scan for published and unknown web vulnerabilities. |
Credentialed Patch Audit |
Authenticates hosts and enumerates missing updates. |
Intel AMT Security Bypass |
Performs remote and local checks for CVE-2017-5689. |
Spectre and Meltdown |
Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. |
WannaCry Ransomeware |
Scans for the WannaCry ransomware (MS17-010). |
Ripple20 Remote Scan |
Detects hosts running the Treck stack in the network, which may be affected by Ripple20 vulnerabilities. |
Zerologon Remote Scan |
Detects Microsoft Netlogon elevation of privilege vulnerability (Zerologon). |
Solarigate |
Detects SolarWinds Solorigate vulnerabilities using remote and local checks. |
ProxyLogon: MS Exchange |
Performs remote and local checks to detect Microsoft Exchange Server vulnerabilities related to CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. |
PrintNightmare |
Performs local checks for CVE-2021-34527, the PrintNightmare Windows Print Spooler vulnerability. |
Active Directory Starter Scan |
Scans for misconfigurations in Active Directory. Note: Active Directory Starter Scans require ADSI credentials. For more information, see Miscellaneous. |
Log4Shell |
Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via local checks. |
Log4Shell Remote Checks |
Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via remote checks. |
Log4Shell Vulnerability Ecosystem |
Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via local and remote checks. This template is dynamic and is regularly updated with new plugins as third-party vendors patch their software. |
2021 Threat Landscape Retrospective (TLR) | Detects vulnerabilities featured in Tenable's 2021 Threat Landscape Retrospective report. |
CISA Alerts AA22-011A and AA22-047A | Performs remote and local checks for vulnerabilities from CISA alerts AA22-011A and AA22-047A. |
ContiLeaks | Performs remote and local checks for ContiLeaks vulnerabilities. |
Ransomware Ecosystem | Performs remote and local checks for common ransomware vulnerabilities. |
Compliance | |
Audit Cloud Infrastructure |
Audits the configuration of third-party cloud services. |
Internal PCI Network Scan |
Performs an internal PCI DSS (11.2.1) vulnerability scan. |
MDM Config Audit |
Audits the configuration of mobile device managers. |
Offline Config Audit |
Audits the configuration of network devices. |
PCI Quarterly External Scan |
Performs quarterly external scans as required by PCI. For more information, see Unofficial PCI ASV Validation Scan. |
Policy Compliance Auditing |
Audits system configurations against a known baseline. |
SCAP and OVAL Auditing |
Audits systems using SCAP and OVAL definitions. |