TOC & Recently Viewed

Recently Viewed Topics

Launch a Remediation Scan

12/21/17 - SMJ - This content is in progress. See https://jira.corp.tenablesecurity.com/browse/RDC-1742.

A remediation scan is a type of active scan. It evaluates a specific plugin against a specific target or targets where the related vulnerability was present in an earlier scan.

Remediation scans allow you to validate whether your vulnerability remediation actions on the targets have been successful. If a remediation scan cannot identify a vulnerability on targets where it was previously identified, the system changes the status of the vulnerability instances to mitigated. For more information about the methodology the system uses in remediation scans, see Mitigation Logic.

Note:

  • If the selected plugin requires dependent plugins, the system automatically includes those plugins in the remediation scan.
  • Remediation scans are intended for use with active scan results. Remediation scans are also available for agent scan results, but keep in mind that a remediation scan launches an active scan against the target, not an agent scan. Remediation scans are not available for passive scan or event scan results.
  • Remediation scans only evaluate plugins against the port you specify. Keep this in mind when launching a remediation scan for a plugin that typically targets multiple ports.
  • Remediation scans work best for un-credentialed network scan results. Use caution when running a remediation scan for a plugin that requires scan credentials. If you neglect to add scan credentials when required for a specific plugin, or if you mis-enter the credentials, the system may identify the related vulnerabilities as mitigated, not because they are mitigated, but because the system could not complete the credentialed scan.

You can launch a remediation scan directly on the Vulnerability Analysis page, rather than on the Active Scans page.

To launch a remediation scan:

  1. Log in to SecurityCenter as an organizational user with appropriate permissions. For more information, see User Roles.

  2. Click Analysis > Vulnerabilities.
  3. -or-

  4. Configure the settings for the scan.

    A remediation scan inherits certain settings from the vulnerability instance you selected. For example, the Launch Remediation Scan page:

    • Automatically populates the relevant plugin information.
    • Provides an editable scan name in the format "Remediation Scan of Plugin # number".
    • Populates the target IP address based on the asset where the previous scan identified the vulnerability.

    Unlike standard active scans:

    • You do not need to associate the remediation scan with a scan policy.
    • You cannot schedule a remediation scan. The scan launches as soon as you submit it.

    For all other scan parameters, configure as described in Active Scans.

  5. Click Submit.

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.