Active Scan Settings (Tenable Security Center 6.5.x)

General Options

Parameter	Description
General
Name	The scan name that is associated with the scan’s results and may be any name or phrase (for example, SystemA, DMZ Scan, or Daily Scan of the Web Farm).
Description	Descriptive information related to the scan.
Policy	The policy on which you want to base the scan. You can scroll through the list, or search by entering text in the search box at the top of the list of available policies.
Schedule
Schedule	The frequency you want to run the scan. Now specifies that you want Tenable Security Center to launch the scan immediately without saving the configuration for later. Note: Scans configured to run Now do not appear on the Active Scans page. Once specifies that you want Tenable Security Center to launch the scan at the specified time without saving the configuration for later. Note: Scans configured to run Once do not appear on the Active Scans page. Daily, Weekly, or Monthly specifies that you want Tenable Security Center to launch the scan at a scheduled interval. Note: If you schedule your scan to repeat monthly, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (e.g., the 29th), Tenable Security Center cannot run the scan on those days. On Demand specifies that you want to manually launch the scan at any time. Dependent specifies that you want Tenable Security Center to launch the scan every time Tenable Security Center finishes a scheduled run of the dependent scan you select.

Settings Options

Parameter	Description
Basic
Scan Zone	Note: If your organization's Distribution Method setting is Locked Zone, you cannot modify this setting. If your organization's Distribution Method setting is Automatic Distribution Only, Tenable Security Center automatically chooses one or more scan zones and hides this setting. Specifies the scan zone you want to use to run the scan. Depending on your organization's Distribution Method setting, you can select one of the following: An available zone — use a single scan zone to run the scan. Note: If you select a single scan zone, Tenable Security Center ignores the ranges in the scan zone and scans all of the targets you specify in the scan configuration. Automatic Distribution — allow Tenable Security Center to choose the best scan zone to run the scan. For more information, see Organizations and Scan Zones.
Import Repository	Specifies the repository where Tenable Security Center imports the scan results. Select a IPv4, IPv6, or Universal repository to receive IPv4 or IPv6 results appropriate to the scan.
Scan Timeout Action	The action you want Tenable Security Center to perform in the event a scan is incomplete: Import Completed Results With Rollover — (Default) The system imports the results from the scan into the database and creates a rollover scan that you can launch manually to complete the scan. Import Completed Results — The system imports the results of the current scan and discards the information for the unscanned hosts. Discard Results — The system does not import any of the results obtained by the scan to the database.
Rollover Schedule	If you set the Scan Timeout Action to Import results with Rollover, this option specifies how to handle the rollover scan. You can create the rollover scan as a template to launch manually, or to launch the next day at the same start time as the just-completed scan.
Advanced
Scan Virtual Hosts	Specifies whether the system treats a new DNS entry for an IP address as a virtual host as opposed to a DNS name update. When Tenable Security Center finds a new DNS name for an IP address: If Scan Virtual Hosts is enabled, vulnerability data for the two DNS names appears as two entries with the same IP address in the IP Summary analysis tool. If Scan Virtual Hosts is disabled, vulnerability data for the two DNS names merge into a single IP address entry in the IP Summary analysis tool. If you import scan results from a Universal repository, this option does not appear. Universal repositories treat hosts with the same IP address but unique FQDNs as different hosts. For more information, see Universal Repositories.
Track hosts which have been issued new IP address	This option uses the DNS name, NetBIOS name, Agent ID, and MAC address (if known), in that order, to track a host when its IP address changes. Once Tenable Security Center finds a match, Tenable Security Center does not search further for matches. For example, if Tenable Security Center does not match a DNS name, but it does match a NetBIOS name, the system does not check the MAC address. Networks using DHCP require that you set this option to properly track hosts. If you import scan results from a Universal repository, this option does not appear. Universal repositories do not rely on IP addresses to track hosts. For more information, see Universal Repositories.
Immediately remove vulnerabilities from scanned hosts that do not reply	If a previously responsive host does not reply to a scan, Tenable Security Center removes the host's vulnerabilities from the cumulative database. If the host has vulnerabilities in the mitigated database, they remain in the mitigated database. If you enable this option, the system removes the vulnerabilities immediately after the scan completes. If you disable this option, the system removes the vulnerabilities according to the interval set in the Number of days to wait before removing dead hosts option.
Number of days to wait before removing dead hosts	If you disable Immediately remove vulnerabilities from scanned hosts that do not reply, this value specifies how many days the system waits to remove vulnerabilities.
Max scan duration (hours)	Specifies the maximum number of hours you want a scan to run. If a scan reaches this threshold, Tenable Security Center automatically creates a rollover scan that you can launch manually to complete the scan. Tenable Security Center creates a rollover scan regardless of your Scan Timeout Action setting. Note: If there is a scan window set, the Max scan duration setting must be longer than the scan window to allow time to generate the scan results.
Inactivity timeout duration (hours)	This setting specifies the maximum number of hours a scan will wait for a plugin to run before switching to a different scanner. The default value is 12 hours. You can specify a value from 1 to 120 hours. The value for Inactivity timeout duration must be less than the value for Max scan duration.

Targets Options

The Targets section identifies the devices Tenable Security Center scans.

Option	Description
Target Type	Specifies the target type for the scan: Assets — Scan one or more assets. For more information, see Assets. IP / DNS Name — Scan one or more IP addresses or DNS names. Mixed—Scan a combination of asset lists, IP addresses, and DNS names.
Assets	(Available if Target Type is Assets or Mixed) The list of assets to scan. Click to select or deselect the assets you want to scan.
IPs / DNS Names	(Available if Target Type is IP / DNS Name or Mixed) The IP addresses or DNS names you want to scan. Specify IP addresses and DNS names using the following valid formats: A single IPv4 address (for example, 192.0.2.202) A single IPv6 address (for example, 2001:db8:d54e:cca6:4109:ac02:2fbe:134e) An IP address range in dot-decimal or CIDR notation (for example, 192.0.2.0-192.0.2.255 or 192.0.2.0/24) A resolvable hostname (for example, www.yourdomain.com) Note: You can only scan IPv4 and IPv6 addresses when using Universal Repositories.

Option

Description

Target Type

Specifies the target type for the scan:

Assets — Scan one or more assets. For more information, see Assets.
IP / DNS Name — Scan one or more IP addresses or DNS names.
Mixed—Scan a combination of asset lists, IP addresses, and DNS names.

Assets

(Available if Target Type is Assets or Mixed) The list of assets to scan. Click to select or deselect the assets you want to scan.

IPs / DNS Names

(Available if Target Type is IP / DNS Name or Mixed) The IP addresses or DNS names you want to scan.

Specify IP addresses and DNS names using the following valid formats:

A single IPv4 address (for example, 192.0.2.202)
A single IPv6 address (for example, 2001:db8:d54e:cca6:4109:ac02:2fbe:134e)
An IP address range in dot-decimal or CIDR notation (for example, 192.0.2.0-192.0.2.255 or 192.0.2.0/24)
A resolvable hostname (for example, www.yourdomain.com)

Note: You can only scan IPv4 and IPv6 addresses when using Universal Repositories.

Credentials Options

The Credentials section allows users to select pre-configured credential sets for authenticated scanning. For more information, see Credentials.

Tenable Security Center active scans support the following credential types:

Post Scan Options

These options determine what actions occur immediately before and after the active scan completes.

Option	Description
Reports to Run on Scan Completion
Add Report	This option provides a list of reports available to the user to run when the scan completes. For more information, see Add a Report to a Scan.