Create a Tenable PCI ASV Scan
Required User Role: Administrator
In Tenable PCI ASV, you can create the following scans using scan templates:
- Vulnerability Management Scan using the Internal PCI Network Scan and PCI Quarterly External Scan templates
- Tenable Web App Scanning scan using the PCI template
When you create a scan, Tenable PCI ASV assigns you owner permissions for the scan.
Before you begin:
- (Optional) View Tenable PCI ASV scan limitations.
- Create a permission configuration for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.
To create a Tenable PCI ASV scan:
- Access the Tenable PCI ASV Workbench.
- In the upper-right corner of the page, click Create Scan.
  The Select a Scan Template page appears. By default, the Nessus Scanner tab is active.
- Click the tile for the template you want to use for your scan.
  The Create a Scan page appears.
- Configure the scan:
  Tab: Settings
  Action: Configure the settings available in the scan template.

  Vulnerability Management Scan using the Internal PCI Network Scan or PCI Quarterly External Scan templates
  - Basic — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan.
  - Discovery — Specifies how a scan performs discovery and port scanning.
  - Assessment — Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications.
  - Report — Specifies whether the scan generates a report.
  - Advanced — Specifies advanced controls for scan efficiency.
  Note: Assessment settings appear only on Internal PCI Network Scan templates.
  Note: Report settings appear only on Internal PCI Network Scan templates.

  Tenable Web App Scanning scan using the PCI template
  - Basic — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan.
  - Scope — Specifies the URLs and file types that you want to include in or exclude from your scan.
  - Assessment — Specifies which web application elements you want the scanner to audit as it crawls your URLs.
  - Report — Specifies extra items to include in the scan report.
  - Advanced — Specifies advanced controls you want to implement in a web application scan.

  Tab: Credentials
  Action: PCI ASV scans are designed from an external threat's perspective. As such, PCI ASV scans mirror the Basic scan template, which allows for a minimal set of credentials. While Credentials options are available when creating a PCI ASV scan, you should NOT configure these settings as they change the intent of the scan and can ultimately lead to scan complications and PCI failures.
- Do one of the following:
  - If you want to save without launching the scan, click Save.
    Tenable PCI ASV saves the scan.
  - If you want to save and launch the scan immediately, click Save & Launch.
    Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.
    Tenable PCI ASV saves and launches the scan.