Scan and Policy Templates
Templates facilitate the creation of Scans and Policies.
When you first create a Scan or Policy, the Scan Templates section or Policy Templates section appears, respectively. Templates are provided for scanners and agents. If you have created custom policies, they appear in the User Defined tab.
Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:
- Patch management.
- Mobile device management.
- Cloud infrastructure audit.
- Database checks that require authentication.
For information on agent templates, see Agent Scan and Policy Templates.
The following tables list the templates that are available in Nessus and brief explanations of each template.
When you configure a Tenable-provided scan template, you can modify only the settings included for the scan template type. When you create a user-defined scan template, you can modify a custom set of settings for your scan.
For descriptions of all settings, see
Scanner Templates
Scanner templates fall into three categories: Discovery, Vulnerabilities, and Compliance.
Tip: In the Nessus interface, use the search box to quickly find a template.
| Template |
Description |
|---|---|
| Discovery | |
| Host Discovery |
Performs a simple scan to discover live hosts and open ports. |
| Vulnerabilities | |
| Advanced Dynamic Scan |
An advanced scan without any recommendations, where you can configure dynamic plugin filters instead of manually selecting plugin families or individual plugins. As Tenable, Inc. releases new plugins, any plugins that match your filters are automatically added to the scan or policy. This allows you to tailor your scans for specific vulnerabilities while ensuring that the scan stays up to date as new plugins are released. See Configure Dynamic Plugins. |
|
Advanced Scan |
A scan without any recommendations, so that you can fully customize the scan settings. |
| Basic Network Scan |
Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems. |
| Badlock Detection |
Performs remote and local checks for CVE-2016-2118 and CVE-2016-0128. |
| Bash Shellshock Detection |
Performs remote and local checks for CVE-2014-6271 and CVE-2014-7169. |
| Credentialed Patch Audit |
Authenticates hosts and enumerates missing updates. |
| DROWN Detection |
Performs remote checks for CVE-2016-0800. |
|
Intel AMT Security Bypass |
Performs remote and local checks for CVE-2017-5689. |
| Malware Scan |
Scans for malware on Windows and Unix systems. Note: See the Application, Malware, and Content Audits video and the Application, Malicious Software, and Content Audits video for more information about scanning for malware. |
| Mobile Device Scan |
Assesses mobile devices via Microsoft Exchange or an MDM. |
| PrintNightmare |
Performs local checks for CVE-2021-34527, the PrintNightmare Windows Print Spooler vulnerability. |
|
Shadow Brokers Scan |
Scans for vulnerabilities disclosed in the Shadow Brokers leaks. |
| Spectre and Meltdown |
Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754. |
|
WannaCry Ransomware |
Scans for the WannaCry ransomware. |
| Ripple20 Remote Scan |
Detects hosts running the Treck stack in the network, which may be affected by Ripple20 vulnerabilities. |
| Zerologon Remote Scan |
Detects Microsoft Netlogon elevation of privilege vulnerability (Zerologon). |
| Solorigate |
Detects SolarWinds Solorigate vulnerabilities using remote and local checks. |
| Web Application Tests |
Scan for published and unknown web vulnerabilities. |
| Active Directory Starter Scan |
Scans for misconfigurations in Active Directory. Note: Active Directory Starter Scans require ADSI credentials. For more information, see Miscellaneous. |
| Compliance | |
| Audit Cloud Infrastructure |
Audits the configuration of third-party cloud services. |
| Internal PCI Network Scan |
Performs an internal PCI DSS (11.2.1) vulnerability scan. For more information, see Unofficial PCI ASV Validation Scan. |
| MDM Config Audit |
Audits the configuration of mobile device managers. |
| Offline Config Audit |
Audits the configuration of network devices. |
| PCI Quarterly External Scan |
Performs quarterly external scans as required by PCI. Performs quarterly external scans as required by PCI. For more information, see Unofficial PCI ASV Validation Scan. |
| Policy Compliance Auditing |
Audits system configurations against a known baseline. |
| SCAP and OVAL Auditing |
Audits systems using SCAP and OVAL definitions.
|