Scan Zones

Path: Resources > Scan Zones

Scan zones represent areas of your network that you want to target in a scan, associating an IP address or range of IP addresses with one or more scanners in your deployment. You must create scan zones in order to run scans in SecurityCenter.

Tenable recommends pre-planning your scan zone strategy to efficiently target discrete areas of your network. If configured improperly, scan zones prevent scanners from reaching their targets. Consider the following best practices:

  • It is simplest to configure and manage a small number of scan zones with large ranges.
  • It is simplest to target ranges (versus large lists of individual IP addresses).
  • If you use Nessus Manager for agent management, do not target Nessus Manager in any scan zone ranges.

| Option | Description |
|---|---|
| Name | A name for the scan zone. |
| Description | (Optional) A description for the scan zone. |
| Ranges | One or more IP addresses that you want the scan zone to target. Supported formats: a comma-separated list of IP addresses and/or CIDR addresses; a newline-separated list of IP addresses and/or CIDR addresses; a hyphenated range of IP addresses (e.g., 10.0.0.1-10.0.0.3). |
| Scanners | One or more scanners that you want to use to scan the Ranges in this scan zone. |

Note: Do not choose scanners that cannot reach the areas of your network identified in the Ranges. Similarly, consider the quality of the network connection between the scanners you choose and the Ranges.

For more information, see Add a Scan Zone, Edit a Scan Zone, and Delete a Scan Zone.

Overlapping Scan Zones

In some cases, you may want to configure overlapping scan zones to ensure scanning coverage or redundancy.

Note: Do not configure overlapping scan zones without pre-planning your scan zone strategy.

Two or more scan zones are redundant if they target the same area of your network. If SecurityCenter executes a scan with redundant scan zones, it first attempts the scan using the narrowest, most specific scan zone.

In this example, the red dots 1, 2, 3, 4, 5, 6, and 7 represent specific IP addresses on your network. The blue circles represent the network coverage of Scan Zones A, B, C, D, E, and F.

See the following table to understand the primary and redundant scan zones for the IP addresses in this example.

| IP Address | Primary Scan Zone | Redundant Scan Zones |
|---|---|---|
| 1 | Scan Zone A. | None. |
| 2 | Scan Zone B. | Scan Zone A. |
| 3 | Scan Zone C. | Scan Zone B, then Scan Zone A. |
| 4 | Scan Zone C. | Scan Zone A. |
| 5 | Scan Zone D. | Scan Zone A. |
| 6 | Scan Zone E. | Scan Zone A. |
| 7 | Scan Zone F. | Scan Zone E, then Scan Zone A. |
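
The following added example (not Tenable code, and not part of the original page) is a planning aid that parses Ranges values in the three supported formats and lists which zones cover a target, narrowest first, so you can review overlaps and coverage gaps before configuring zones. The zone ranges and target addresses are constructed to reproduce the table above; measuring "narrowest" by the size of the smallest matching range, and handling IPv4 only, are assumptions of this sketch.

```python
import ipaddress
import re

# Constructed sample data: Ranges strings for Scan Zones A-F and targets 1-7.
ZONES = {
    "A": "10.0.0.0/16",
    "B": "10.0.1.0/24",
    "C": "10.0.1.128/26, 10.0.2.0/26",   # comma-separated CIDRs
    "D": "10.0.3.0/24",
    "E": "10.0.4.0-10.0.4.255",          # hyphenated range
    "F": "10.0.4.16/28\n10.0.4.64",      # newline-separated CIDR and single IP
}
TARGETS = {1: "10.0.9.9", 2: "10.0.1.5", 3: "10.0.1.130", 4: "10.0.2.5",
           5: "10.0.3.7", 6: "10.0.4.200", 7: "10.0.4.20"}

def parse_ranges(text):
    """Parse a Ranges value into a list of (first, last) integer pairs."""
    spans = []
    for item in re.split(r"[,\n]", text):
        item = item.strip()
        if not item:
            continue
        if "-" in item:
            lo, hi = (int(ipaddress.IPv4Address(p.strip()))
                      for p in item.split("-", 1))
            if lo > hi:
                raise ValueError(f"reversed range: {item}")
        else:
            net = ipaddress.IPv4Network(item, strict=False)
            lo, hi = int(net.network_address), int(net.broadcast_address)
        spans.append((lo, hi))
    return spans

def zone_order(ip, zones):
    """Return names of zones covering ip, narrowest matching range first.

    An empty list means no zone covers the address (a coverage gap).
    """
    addr = int(ipaddress.IPv4Address(ip))
    hits = []
    for name, ranges in zones.items():
        sizes = [hi - lo + 1 for lo, hi in parse_ranges(ranges) if lo <= addr <= hi]
        if sizes:
            hits.append((min(sizes), name))
    return [name for _, name in sorted(hits)]

if __name__ == "__main__":
    for label, ip in TARGETS.items():
        primary, *redundant = zone_order(ip, ZONES)
        print(label, ip, "primary:", primary, "redundant:", redundant or "None")
```
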

Copyright 2017-2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.