Active Scans

Path: Scans > Active Scans

For high-level information about active scanning, see Scanning Overview.

The Active Scans page displays a list of all available Nessus active scans. For more information, see Add an Active Scan or Manage Active Scans.

Tip: If you want to launch an active scan to remediate a vulnerability from the Vulnerability Analysis page, see Launch a Remediation Scan.

General Options

Parameter Description

General

Name

The scan name that is associated with the scan’s results and may be any name or phrase (e.g., SystemA, DMZ Scan, Daily Scan of the Web Farm, etc.).

Description

Descriptive information related to the scan.

Policy

The policy on which you want to base the scan. You can scroll through the list, or search by entering text in the search box at the top of the list of available policies.

Schedule

Schedule

The frequency you want to run the scan: Now, Once, Daily, Weekly, Monthly, On Demand, or Dependent. The On Demand selection allows you to create a scan template that you can launch manually at any time. The Dependent selection enables you to schedule the scan after the completion of a scan you select from the drop-down box. The other time frames allow you to launch scans at specified times and intervals, depending upon configuration.

Settings Options

Parameter Description

Basic

Scan Zone

Note: If your organization's Distribution Method setting is Locked Zone, you cannot modify this setting. If your organization's Distribution Method setting is Automatic Distribution Only, this option is hidden because SecurityCenter automatically chooses one or more scan zones.

Specifies the scan zone you want to use to run the scan. Depending on your organization's Distribution Method setting, you can select:

  • An available zone — use a single scan zone to run the scan.

    Note: If you select a single scan zone, SecurityCenter ignores the ranges in the scan zone and scans all of the targets you specify in the scan configuration.

    - or -

  • Automatic Distribution — allow SecurityCenter to choose the best scan zone to run the scan.

For more information, see Organizations and Scan Zones.

Import Repository

Specifies the repository where the scan results are imported. Select an IPv4 or IPv6 repository to receive IPv4 or IPv6 results appropriate to the scan.

Scan Timeout Action

The action you want SecurityCenter to perform in the event a scan is incomplete:

  • Import Completed Results With Rollover — (Default option) The system imports the results from the scan into the database and creates a rollover scan that you can launch manually to complete the scan.
  • Import Completed Results — The system imports the results of the current scan and discards the information for the unscanned hosts.
  • Discard Results — The system does not import any of the results obtained by the scan to the database.

Rollover Schedule

If you set the Scan Timeout Action to Import Completed Results With Rollover, this option specifies how to handle the rollover scan. You can create the rollover scan as a template to launch manually, or to launch the next day at the same start time as the just-completed scan.

Advanced

Scan Virtual Hosts

Specifies whether the system treats a new DNS entry for an IP address as a virtual host as opposed to a DNS name update.

When a new DNS name is found for an IP address:

  • If you select this option, vulnerability data for the two DNS names appears as two entries with the same IP address in the IP Summary analysis tool.
  • If you do not select this option, vulnerability data for the two DNS names merge into a single IP address entry in the IP Summary analysis tool.

Track hosts which have been issued new IP address

This option uses the DNS name, NetBIOS name, and MAC address (if known), in that order, to track a host when its IP address changes. Once a match has been made, SecurityCenter does not search further for matches.

For example, if SecurityCenter does not match a DNS name, but it does match a NetBIOS name, the system does not check the MAC address. Networks using DHCP require that you set this option to properly track hosts.
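A minimal model of the matching order described above, as an added example (not Tenable code). The record fields, the `track_host` name, and the inventory values are assumptions constructed for illustration.

```python
# Constructed inventory: identifiers previously recorded for each tracked host.
KNOWN_HOSTS = [
    {"id": "host-A", "dns": "web01.example.test", "netbios": "WEB01",
     "mac": "00:11:22:33:44:55"},
    {"id": "host-B", "dns": None, "netbios": "FILESRV",
     "mac": "66:77:88:99:aa:bb"},
]

# Order stated in the documentation: DNS name, NetBIOS name, MAC address.
MATCH_ORDER = ("dns", "netbios", "mac")

def track_host(observed, known=KNOWN_HOSTS):
    """Return (host_id, matched_key) for the first identifier that matches."""
    for key in MATCH_ORDER:
        value = observed.get(key)
        if not value:
            continue  # identifier not known for this scan result
        for record in known:
            if record.get(key) and record[key].lower() == value.lower():
                # First match wins: identifiers later in the order are not consulted.
                return record["id"], key
    return None, None

if __name__ == "__main__":
    # New IP address, unknown DNS name, NetBIOS name of host-B, MAC of host-A:
    # the NetBIOS match decides and the conflicting MAC is never examined.
    seen = {"ip": "10.1.2.3", "dns": "new.example.test",
            "netbios": "filesrv", "mac": "00:11:22:33:44:55"}
    print(track_host(seen))
```

Because the search stops at the first match, a reused DNS or NetBIOS name carries a host's vulnerability history to whatever machine now holds that name, even when the MAC address differs.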

Immediately remove vulnerabilities from scanned hosts that do not reply

If a previously responsive host does not reply to a scan, the system automatically removes vulnerabilities related to that host from the cumulative database. If you enable this option, the system removes the vulnerabilities immediately. If you disable this option, the system removes the vulnerabilities according to the interval set in the Number of days to wait before removing dead hosts option.

Number of days to wait before removing dead hosts

Specifies how many days the system waits to remove vulnerabilities from the cumulative database when previously responsive hosts do not reply to a scan.

This option only shows if you disable the Immediately remove vulnerabilities from scanned hosts that do not reply option.

Max scan duration (hours)

Specifies the maximum number of hours you want a scan to run.

If a scan reaches this threshold, SecurityCenter automatically creates a rollover scan that you can launch manually to complete the scan. SecurityCenter creates a rollover scan regardless of your Scan Timeout Action setting.

Targets Options

The Targets section identifies the devices to be scanned. The drop-down box for Target Type contains the following options:

  • Assets—A list of available assets appears, and you can select one or more assets. You can search the assets using the search box above the list.
  • IP / DNS Name—A box appears, listing DNS names and/or IP addresses in individual, CIDR, or range notation.
  • Mixed—You can use a combination of asset lists and IP/DNS names.

Valid Formats:

  • A single IP address (e.g., 172.204.81.57). The proper ways to specify IPs in SecurityCenter are <fullIP>-<fullIP> (range), <fullIP>/<bits> (CIDR), or <fullIP>.
  • An IP range (e.g., 172.204.81.57-172.204.81.58)
  • A subnet with CIDR notation (e.g., 172.204.81.57/24)
  • A resolvable host (e.g., www.yourdomain.com)
  • A resolvable host with subnet (www.yourdomain.com/255.255.255.0)
  • A resolvable host with CIDR notation (www.yourdomain.com/24)
  • A single IPv6 address (e.g., 2001:DB8:1234:1234/32)

Note: You cannot scan both IPv4 and IPv6 addresses in the same scan, because you can only select one Import Repository.
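A pre-submission check for a target list, as an added example (not Tenable code): it classifies each entry against the formats listed above, rejects partial addresses, and flags a list that mixes IPv4 and IPv6. The function names, the host-name pattern, and the sample targets are assumptions constructed for illustration.

```python
import ipaddress
import re

# Host-name pattern is an assumption of this sketch (RFC 1123-style labels).
HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify_target(entry):
    """Return (format, ip_version); ip_version is None for host names."""
    entry = entry.strip()
    if "/" in entry:
        base, suffix = entry.split("/", 1)
        if HOST_RE.match(base):
            if suffix.isdigit() and int(suffix) <= 32:
                return "host/cidr", None
            ipaddress.IPv4Network(f"0.0.0.0/{suffix}")  # rejects a bad netmask
            return "host/netmask", None
        return "cidr", ipaddress.ip_interface(entry).version
    if HOST_RE.match(entry):
        return "host", None
    if "-" in entry:
        # <fullIP>-<fullIP>: both ends must be complete addresses
        start, end = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError(f"range ends are mixed or reversed: {entry}")
        return "range", start.version
    return "single", ipaddress.ip_address(entry).version

def check_targets(entries):
    """Classify every entry and enforce one IP family per scan."""
    accepted, errors, versions = [], [], set()
    for entry in entries:
        try:
            kind, version = classify_target(entry)
        except ValueError as exc:
            errors.append((entry, str(exc)))
            continue
        accepted.append((entry, kind))
        if version:
            versions.add(version)
    if versions == {4, 6}:
        errors.append(("*", "IPv4 and IPv6 targets mixed; one Import Repository per scan"))
    return accepted, errors

if __name__ == "__main__":
    # Constructed sample list: a partial range end, an IPv4 subnet, an IPv6 host.
    sample = ["10.0.0.1-5", "10.0.0.0/8", "2001:db8::1"]
    print(check_targets(sample))
```

Host names carry no IP version here because the family depends on how the name resolves at scan time, so a list of names alone passes the mixed-family check.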

Credentials Options

The Credentials section allows users to select pre-configured credential sets for authenticated scanning. SecurityCenter supports the use of an unlimited number of Windows credential sets, four SNMP credential sets, an unlimited number of SSH credential sets, and Database credential sets.

Click the type of scan credential to add to the scan from the drop-down box. Then click the specific credential to add from the list by clicking the name. You can search the credentials using the text search option. Only credentials that match the type selected appear. When you hover over a credential, the information icon appears, which displays information about the credential such as the name, description, type, and owner. After you select the credential, click the check mark to add it to the scan template. Clicking the X removes the credential from the list of added credentials.

As you add credentials, the "You may add <number> more credential" message updates to display how many more of that type you can use in the current scan. Once you have added the maximum of a type, that credential type no longer appears in the type menu until you remove at least one of the previously used credentials of that type.

For more information, see Credentials.

Post Scan Options

These options determine what actions occur immediately before and after the active scan completes.

Option Description

Notifications

E-mail me on Launch

This option specifies whether the system emails you a notification when the scan launches. This option only appears if you set an email address for your user account.

E-mail me on Completion

This option specifies whether the system emails you a notification when the scan completes. This option only appears if you set an email address for your user account.

Reports to Run on Scan Completion

Add Report

This option provides a list of reports available to the user to run when the scan completes.

To select a report, first click the group and owner of the report to display a list of valid report options. Then click the report in the list, which you can search using the text search box. When hovering over a report name, you can select the information icon to display the name and description of the report. The report generated is based on the current scan’s results or the results in the Cumulative database.

Selecting the check mark causes that report to launch once the scan completes. Selecting the X removes the changes. Once added, you can modify or delete the report information.

Diagnostic Scans

If you experience issues with an active scan, Tenable Support may ask you to run a diagnostic scan to assist with troubleshooting. After SecurityCenter runs the diagnostic scan, download the diagnostic file and send it to Tenable Support.

For more information, see Run a Diagnostic Scan.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.