Scan Template Selection
Tenable Vulnerability Management provides various scanner and Nessus Agent scan templates that meet different business needs. Tenable Vulnerability Management provides four categories of scan templates: Vulnerability Scans, Configuration Scans, Tactical Scans, and Inventory Collection. You can view Tenable Vulnerability Management's complete offering of scan templates when you Create a Vulnerability Management Scan in the user interface.
For information about specific scan templates, see Scan Templates.
Tenable recommends using vulnerability scan templates for most of your organization's standard, day-to-day scanning needs. Some of Tenable Vulnerability Management's most notable vulnerability scan templates are:
- Advanced Network/Agent Scan — The most configurable scan type that Tenable Vulnerability Management offers. You can configure this scan template to match any policy or search any asset or assets. These templates have the same default settings as the Basic Network/Agent Scan, but they allow for additional configuration options.

  Note: Advanced scan templates allow Tenable Vulnerability Management experts to scan more deeply using custom configuration, such as faster or slower checks, but misconfigurations can cause asset outages or network saturation. Use the advanced templates with caution.

- Basic Network/Agent Scan — Use this template to scan a system or systems with all of Tenable Vulnerability Management's default plugins enabled. This scan provides a quick and easy way to scan systems for vulnerabilities.

- Credentialed Patch Audit (Nessus Scanner only) — Use this template with credentials to give the scanner direct access to the host, scan the target hosts, and enumerate missing patch updates.

- Host Discovery (Nessus Scanner only) — Launch this scan to see what hosts are on your network and associated information such as IP address, FQDN, operating systems, and open ports, if available. After you have a list of hosts, you can choose what hosts you want to target in a specific vulnerability scan.

  Tenable recommends that organizations who do not have a passive network monitor, such as Tenable Nessus Network Monitor, run this scan weekly to discover new assets on your network.

  Note: Assets identified by discovery scans do not count toward your license.
Tenable recommends using configuration scan templates to check whether host configurations are compliant with various industry standards. Configuration scans are sometimes referred to as compliance scans. For more information about the checks that compliance scans can perform, see Compliance in Vulnerability Management Scans and SCAP Settings in Vulnerability Management Scans.
Tenable recommends using the tactical scan templates to scan your network for a specific vulnerability or group of vulnerabilities.
Tactical scans are lightweight, timely scan templates that you can use to scan your assets for a particular vulnerability. Tenable frequently updates the Tenable Vulnerability Management Tactical Scans library with templates that detect the latest vulnerabilities of public interest.
Unlike standard Tenable Nessus Agent vulnerability scans, the Collect Inventory template uses Tenable's Frictionless Assessment technology to provide faster scan results and reduce the scan's system footprint. Agent-based inventory scans gather basic information from a host and upload it to Tenable Vulnerability Management. Then, Tenable Vulnerability Management analyzes the information against missing patches and vulnerabilities as Tenable releases coverage. This reduces the performance impact on the target host while also reducing the time it takes for an analyst to see the impact of a recent patch. For more information, see Tenable-Provided Nessus Agent Templates.