TOC & Recently Viewed

Recently Viewed Topics

Scanning Overview

There are three methods of scanning in SecurityCenter: active scanning via Nessus or, agent scanning via Nessus or, and passive scanning via NNM. Configuring all methods provides a comprehensive view of the organization’s security posture and reduces false positives.

For more information about Tenable scanning strategies, see the Tenable Scan Strategy Guide.

Active Scanning Overview

In active scanning, the scanner sends packets to a remote target to provide a snapshot of network services and applications. These are compared to a plugin database to determine if any vulnerabilities are present. SecurityCenter can also use a scanner located outside the local network to simulate what an external entity might see.

For more information about scanner types (managed Nessus, unmanaged Nessus, and in SecurityCenter, see Nessus Scanners.

Credentialed Nessus scans, a type of active scanning, can be leveraged to perform highly accurate and rapid patch, configuration, and vulnerability audits on Unix, Windows, Cisco, and database systems by actually logging in to the target system with provided credentials. Credentialed scans can also enable the ability to enumerate all UDP and TCP ports in just a few seconds. SecurityCenter can securely manage these credentials across thousands of different systems and also share the results of these audits only with users who have a need to know.

To fully configure active scanning:

  1. If you are configuring a Nessus scanner (not a deployment), configure scanning in Nessus, as described in the Nessus User Guide.

    Note: For information about credentialed scanning in Nessus, see the Nessus User Guide.

  2. Add a scan zone in SecurityCenter, as described in Add a Scan Zone.
  3. Add the Nessus scanner or your deployment in SecurityCenter, as described in Nessus Scanners.
  4. Add a repository for the scan data in SecurityCenter, as described in Add a Repository.
  5. Create active scan objects in SecurityCenter, as described in:

    1. Add an Asset from a Template or Add a Custom Asset.
    2. Add Credentials.
    3. Add a Template-Based Audit File or Add a Custom Audit File.
    4. Add a Scan Zone.
    5. Add a Scan Policy.
  6. Add a scan policy in SecurityCenter, as described in Add a Scan Policy.

  7. Add an active scan in SecurityCenter, as described in Active Scans.

What to do next:

Agent Scanning Overview

To perform agent scanning, SecurityCenter imports agent scan results from agent-capable or Nessus Manager scanners. Using Nessus agents for scanning reduces network usage and allows devices to maintain their scan schedules even when disconnected from the network. SecurityCenter can import these results for review in conjunction with other acquired information about the host and network.

To fully configure agent scanning:

  1. Configure Nessus Agents in either or Nessus Manager, as described in the Nessus Agent Deployment and User Guide.
  2. Add or Nessus Manager as a Nessus scanner in SecurityCenter, as described in Nessus Scanners.
  3. Add an agent repository in SecurityCenter, as described in Add a Repository.
  4. Add an agent scan in SecurityCenter, as described in Agent Scans.

What to do next:

Passive Scanning Overview

SecurityCenter can manage one or more Tenable Nessus Network Monitor (NNM) scanners. NNM provides continuous discovery of new hosts, new applications, and new vulnerabilities. It runs 24x7 and discovers highly accurate client and server vulnerability information. SecurityCenter fuses this information with the active or credentialed scan results from Nessus.

To fully configure passive scanning:

  1. Configure NNM, as described in the Nessus Network Monitor User Guide.
  2. Add an IPv4 or IPv6 repository for the NNM data in SecurityCenter, as described in Add a Repository.
  3. Add an NNM scanner in SecurityCenter, as described in Nessus Network Monitor (PVS).

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.