TOC & Recently Viewed

Recently Viewed Topics

Agent Scans

Path: Scans > Agent Scans

The Agent Scans page displays a list of all available agent scans. Click the gear icon drop-down menu to perform basic scan management tasks:

  • View — view details about the agent scan.
  • Edit — edit settings for the agent scan.
  • Copy — copy settings for the agent scan and create a second, identical scan.
  • Delete — delete the agent scan.

Authorized users can create an import schedule for agent-based scans, as described in Add an Agent Scan. Newly created agent scan import schedules are shared to everyone within the same user group when users have the appropriate permissions.

To run a scan outside of the scheduled window or to pause a running scan, see Start or Pause a Scan.

When more than one Agent scan result is ready on™ or Nessus Manager, all of the scan results import.

General Options

The table below describes options available on the General tab.





The scan name associated with the scan’s results. This may be any name or phrase (e.g., SystemA, DMZ Scan, Daily Scan of the Web Farm, etc.).


Descriptive information related to the scan.

Agent Scanner

The Agent-enabled scanner from which to retrieve agent results.

Agent Scan Name Filter

A filter for agent scan results to retrieve from the Nessus Agent enabled scanner. Filters can use the specific name of the result(s) to retrieve or an asterisk (*) or question mark (?) for all or part of the scan result name(s) to retrieve. You can find the available Agent Scans retrieved from the selected scanner on the Scan page of the user logged in to the Nessus server.

If the agent scan retrieves results that match the filter, they appear when you click the Preview Filter button. If the agent scan does not retrieve results, the filter matches once the results are available.



The frequency you want to run the scan: selecting Now, Once, Daily, Weekly, Monthly, On Demand, or Dependent allows you to create an agent scan retrieval template that you can launch manually at any time. The other time frames allow you to retrieve scans at specified times and intervals.

You should retrieve agent scan results as close to the completion time of the scan as possible to most accurately display within SecurityCenter when the scan discovered the vulnerability results.

Basic Scan Options

Parameter Description


Import Repository

Specifies the repository where you want the agent scan results to import. Select a repository to receive IPv4 or IPv6 results appropriate to the imported scan.


Track hosts which have been issued new IP address

This option uses the DNS name, NetBIOS name, and MAC address (if known), in that order, to track a host when its IP address changes. Once a match has been made, SecurityCenter does not search further for matches. For example, if SecurityCenter does not match a DNS name, but it does match a NetBIOS name, the system does not check the MAC address. Networks using DHCP require that you set this option to properly track hosts.

Running a Scan

The scan distribution of a running scan consists of the following:

  • The number of targets (IPs/DNS names) in the scan.
  • The number of completed scans across all scanners (at the current instance).
  • The number of scans completed by each scanner used in the scan (at the current instance).

The counts update on a heartbeat while being viewed. The scan transitions to completed once all scans stop.

Post Scan

These options determine what actions occurs immediately before and after the agent scan completes. The table below describes the post scan options available to users:

Option Description

Reports to Run on Scan Completion

Add Report

This option provides a list of reports available to the user to run when the agent scan data import completes.

The initial choices are to click the group and owner of the report to present a list of valid report options. Next, click the report from the list that can be searched using the text search box. When hovering over a report name, you can select the information icon to display the name and description of the report. You can base the generated report on the current scan’s results or the results in the Cumulative database.

Selecting the check mark causes the report to launch once the scan completes. Selecting the X removes the changes. Once added, you can modify or delete the report information.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.