TOC & Recently Viewed

Recently Viewed Topics

Active Scans

Path: Scans > Active Scans

The Active Scans page displays a list of all available Nessus active scans. Click the gear icon drop-down menu to perform basic scan management tasks:

  • View — view details about the active scan.
  • Edit — edit settings for the active scan.
  • Copy — copy settings for the active scan and create a second, identical scan.
  • Run Diagnostic Scan — run a separate diagnostic scan for troubleshooting. For more information, see Diagnostic Scans.
  • Delete — delete the active scan.

Authorized users can create an active scan, as described in Add an Active Scan. To run a scan outside of the scheduled window or to pause a running scan, see Start or Pause a Scan.

Newly created active scans are shared to everyone within the same user group when users have the appropriate permissions.

General Options

Parameter Description

General

Name

The scan name that is associated with the scan’s results and may be any name or phrase (e.g., SystemA, DMZ Scan, Daily Scan of the Web Farm, etc.).

Description

Descriptive information related to the scan.

Policy

The policy on which you want to base the scan. You can scroll through the list, or search by entering text in the search box at the top of the list of available policies.

Schedule

Schedule

The frequency you want to run the scan: Now, Once, Daily, Weekly, Monthly, On Demand, or Dependent. The On Demand selection allows you to create a scan template that you can launch manually at any time. The Dependent selection enables you to schedule the scan after the completion of a scan you select from the drop-down box. The other time frames allow you to launch scans at specified times and intervals, depending upon configuration.

Settings Options

Parameter Description

Basic

Scan Zone

If you set Scan Zone to Selectable for the user, a drop-down box appears that allows you to select the scan zone to be used for the scan. If you select Automatic Distribution, the Scan Zone that most closely matches the host or range of hosts to be scanned is selected from the zones available. Otherwise, you can select a specific scan zone from the drop-down box and search using the text search box. When you hover over a scan zone, the information icon appears. When you select this icon, the name, description, and last modified date appear.

When you set Scan Zone to forced for the user, the Scan Zone box cannot be modified.

Import Repository

Specifies the repository where the scan results are imported. Select a repository to receive IPv4 or IPv6 results appropriate to the scan.

Scan Timeout Action

The action you want SecurityCenter to perform in the event a scan is incomplete:

  • Import Completed Results With Rollover — (Default option) The system imports the results from the scan into the database and creates a rollover scan that you can launch at a later time to complete the scan.
  • Import Completed Results — The system imports the results of the current scan and discards the information for the unscanned hosts.
  • Discard Results — The system does not import any of the results obtained by the scan to the database.

Rollover Schedule

If you set the Scan Timeout Action to Import results with Rollover, this option specifies how to handle the rollover scan. You can create the rollover scan as a template to launch manually, or to launch the next day at the same start time as the just-completed scan.

Advanced

Scan Virtual Hosts

Specifies whether the system treats a new DNS entry for an IP address as a virtual host as opposed to a DNS name update.

When a new DNS name is found for an IP address:

  • If you select this option, vulnerability data for the two DNS names appears as two entries with the same IP address in the IP Summary analysis tool.
  • If you do not select this option, vulnerability data for the two DNS names merge into a single IP address entry in the IP Summary analysis tool.

Track hosts which have been issued new IP address

Specifies whether the system uses the DNS name, NetBIOS name, and MAC address (if known), in that order, of the computer to track it when the IP address of the computer may have changed. Once a match is made, SecurityCenter does not search further for matches. For example, if a DNS name is not matched, but a NetBIOS name is, the system does not check the MAC address. Networks using DHCP require that you set this option to properly track hosts.

Immediately remove vulnerabilities from scanned hosts that do not reply

If a previously responsive host does not reply to a scan, the system automatically removes vulnerabilities related to that host from the cumulative database. If you enable this option, the system removes the vulnerabilities immediately. If you disable this option, the system removes the vulnerabilities according to the interval set in the Number of days to wait before removing dead hosts option.

Number of days to wait before removing dead hosts

Specifies how many days the system waits to remove vulnerabilities from the cumulative database when previously responsive hosts do not reply to a scan.

This option only shows if you disable the Immediately remove vulnerabilities from scanned hosts that do not reply option.

Max scan duration (hours)

Specifies the number of hours after which the scan stops running.

Targets Options

The Targets section identifies the devices to be scanned. The drop-down box for Target Type contains the following options:

  • Assets—A list of available assets appears, and one or more asset might be selected. You can search the assets using the search box above the list.
  • IP / DNS Name—A box appears, listing DNS names and/or IP addresses in individual, CIDR, or range notation.
  • Mixed—You can use a combination of asset lists and IP/DNS names.

Valid Formats:

  • A single IP address (e.g., 172.204.81.57), (The proper ways to specify IPs in SC are <fullIP>-<fullIP> (range), <fullIP>/<bits> (CIDR), or <fullIP>)
  • An IP range (e.g., 172.204.81.57-172.204.81.58)
  • A subnet with CIDR notation (e.g., 172.204.81.57/24)
  • A resolvable host (e.g., www.yourdomain.com)
  • A resolvable host with subnet (www.yourdomain.com/255.255.255.0)
  • A resolvable host with CIDR notation (www.yourdomain.com/24)
  • A single IPv6 address (e.g., 2001:DB8:1234:1234/32)

Note: You cannot scan both IPv4 and IPv6 addresses in the same scan, because you can only select one Import Repository.

Credentials Options

The Credentials section allows users to select pre-configured credential sets for authenticated scanning. SecurityCenter supports the use of an unlimited number of Windows credential sets, four SNMP credential sets, an unlimited number of SSH credential set, and Database credential set.

Click the type of scan credential to add to the scan from the drop-down box. Then click the specific credential to add from the list by clicking the name. You can search the credentials using the text search option. Only credentials that match the type selected appear. When you hover over a credential, the information icon appears, which displays information about the credential such as the name, description, type, and owner. After you select the credential, click the check mark to add it to the scan template. Clicking the X removes the credential from the list of added credentials.

As you add credentials, the You may add <number> more credential message updates to display how many more of that type you can use in the current scan. Once you have added the maximum of a type, that credential type no longer appears in the type menu until you remove at least one of the previously used credentials of that type.

For more information, see Credentials.

Post Scan Options

These options determine what actions occur immediately before and after the active scan completes.

Option Description

Notifications

E-mail me on Launch

This option specifies whether the system emails you a notification when the scan launches. This option only appears if you set an email address for your user account.

E-mail me on Completion

This option specifies whether the system emails you a notification when the scan completes. This option only appears if you set an email address for your user account.

Reports to Run on Scan Completion

Add Report

This option provides a list of reports available to the user to run when the scan completes.

The initial choices to select a report are to click the group and owner of the report to present a list of valid report options. Then click the report from the list that can be searched using the text search box. When hovering over a report name, you can select the information icon to display the name and description of the report. The report generated is based on the current scan’s results or the results in the Cumulative database.

Selecting the check mark causes that report to launch once the scan completes. Selecting the X removes the changes. Once added, you can modify or delete the report information.

Diagnostic Scans

If you experience issues with an active scan, Tenable Support may ask you to run a diagnostic scan to assist with troubleshooting. After SecurityCenter runs the diagnostic scan, download the diagnostic file and send it to Tenable Support.

For more information, see Run a Diagnostic Scan.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.