Add an Active Scan

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

For more information about active scan options, see Active Scan Settings.

Note: If you are scanning a Linux machine with Tenable Security Center, the Linux machine's shell configuration file must have a PS1 variable of four or more characters (for example, PS1='\u@\h:~\$ '). Having a PS1 variable of less than four characters (for example, PS1='\$ ') can drastically increase the overall scan time.

Before you begin:

  • Confirm you are running Tenable Nessus 6.3.6 or later.

  • Confirm you understand the complete scanning configuration process, as described in Active Scans.

To add an active scan:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Scans > Active Scans.

    The Active Scans page appears.

  3. Click Add.

    The Add Active Scan page appears.

  4. Click General.

  5. Type a Name for the scan.

  6. (Optional) Type a Description for the scan.

  7. Select a Policy for the scan.

  8. (Optional) If you want to schedule the scan to run automatically, select a Schedule for the scan.

  9. Click Settings.

    The Settings tab appears.

  10. If prompted, select a preconfigured Scan Zone for the scan.

  11. Select an Import Repository for the scan.

  12. Select a Scan Timeout Action for the scan.

  13. Select a Rollover Schedule for the scan.

  14. Enable or disable the Advanced options.

  15. Click Targets.

    The Targets tab appears.

  16. Select a Target Type for the scan.

  17. Select one or more Assets and IPs / DNS Names for the scan.

  18. (Optional) To configure credentialed scanning, do the following:

    1. Click Credentials.

      The Credentials tab appears.

    2. Click Add Credential.

    3. In the drop-down boxes, select a credential type and a preconfigured credential.

    4. Click the check mark to save your selection.

  19. (Optional) If you want to configure multiple credentials for the active scan, repeat step 19.

    Note: When running an active scan, Tenable Security Center attempts authentication using the newest credentials added by an Administrator user. If the newest Administrator-added credentials do not match, Tenable Security Center attempts authentication with older Administrator-added credentials.

    Then, if no Administrator-added credentials match, Tenable Security Center attempts to authenticate using the newest credentials added by an organizational user. If the newest organizational user-added credentials do not match, Tenable Security Center attempts authentication with older organizational user-added credentials.

    If no credentials match, the scan runs without credentialed access.

  20. (Optional) To configure post-scan options, do the following: 

    1. Click Post Scan.

      The Post Scan tab appears.

    2. To configure automatic report generation, click Add Report.

    3. Select the report you want to run after the scan completes, as described in Add a Report to a Scan.

  21. Click Submit.

    Tenable Security Center saves your configuration.