Active Scan Settings

For more information, see Add an Active Scan.

General Options

Parameter

Description

General

Name

The scan name that is associated with the scan’s results and may be any name or phrase (for example, SystemA, DMZ Scan, or Daily Scan of the Web Farm).

Description

Descriptive information related to the scan.

Policy

The policy on which you want to base the scan. You can scroll through the list, or search by entering text in the search box at the top of the list of available policies.

Schedule

Schedule

The frequency at which you want to run the scan.

  • Now specifies that you want Tenable Security Center to launch the scan immediately without saving the configuration for later.

    Note: Scans configured to run Now do not appear on the Active Scans page.

  • Once specifies that you want Tenable Security Center to launch the scan at the specified time without saving the configuration for later.

    Note: Scans configured to run Once do not appear on the Active Scans page.

  • Daily, Weekly, or Monthly specifies that you want Tenable Security Center to launch the scan at a scheduled interval.

    Note: If you schedule your scan to repeat monthly, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (e.g., the 29th), Tenable Security Center cannot run the scan on those days.

  • On Demand specifies that you want to manually launch the scan at any time.

  • Dependent specifies that you want Tenable Security Center to launch the scan every time Tenable Security Center finishes a scheduled run of the dependent scan you select.

Settings Options

Parameter

Description

Basic

Scan Zone

Note: If your organization's Distribution Method setting is Locked Zone, you cannot modify this setting. If your organization's Distribution Method setting is Automatic Distribution Only, Tenable Security Center automatically chooses one or more scan zones and hides this setting.

Specifies the scan zone you want to use to run the scan. Depending on your organization's Distribution Method setting, you can select one of the following:

  • An available zone — use a single scan zone to run the scan.

    Note: If you select a single scan zone, Tenable Security Center ignores the ranges in the scan zone and scans all of the targets you specify in the scan configuration.

  • Automatic Distribution — allow Tenable Security Center to choose the best scan zone to run the scan.

For more information, see Organizations and Scan Zones.

Import Repository

Specifies the repository where Tenable Security Center imports the scan results. Select an IPv4, IPv6, or Universal repository to receive IPv4 or IPv6 results appropriate to the scan.

Scan Timeout Action

The action you want Tenable Security Center to perform in the event a scan is incomplete:

  • Import Completed Results With Rollover — (Default) The system imports the results from the scan into the database and creates a rollover scan that you can launch manually to complete the scan.

  • Import Completed Results — The system imports the results of the current scan and discards the information for the unscanned hosts.

  • Discard Results — The system does not import any of the results obtained by the scan to the database.

Rollover Schedule

If you set the Scan Timeout Action to Import results with Rollover, this option specifies how to handle the rollover scan. You can create the rollover scan as a template to launch manually, or to launch the next day at the same start time as the just-completed scan.

Advanced

Scan Virtual Hosts

Specifies whether the system treats a new DNS entry for an IP address as a virtual host as opposed to a DNS name update.

When Tenable Security Center finds a new DNS name for an IP address:

  • If Scan Virtual Hosts is enabled, vulnerability data for the two DNS names appears as two entries with the same IP address in the IP Summary analysis tool.

  • If Scan Virtual Hosts is disabled, vulnerability data for the two DNS names merges into a single IP address entry in the IP Summary analysis tool.

If you import scan results from a Universal repository, this option does not appear. Universal repositories treat hosts with the same IP address but unique FQDNs as different hosts. For more information, see Universal Repositories.

Track hosts which have been issued new IP address

This option uses the DNS name, NetBIOS name, Agent ID, and MAC address (if known), in that order, to track a host when its IP address changes. Once Tenable Security Center finds a match, Tenable Security Center does not search further for matches.

For example, if Tenable Security Center does not match a DNS name, but it does match a NetBIOS name, the system does not check the MAC address. Networks using DHCP require that you set this option to properly track hosts.

If you import scan results from a Universal repository, this option does not appear. Universal repositories do not rely on IP addresses to track hosts. For more information, see Universal Repositories.
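The identifier order described for this option can be modelled as a first-match lookup. The following is an added example, not Tenable code: the field names, the host records, and the case-insensitive comparison are assumptions made for illustration.

```python
# Identifier order stated above: DNS name, NetBIOS name, Agent ID, MAC address.
TRACKING_ORDER = ("dns_name", "netbios_name", "agent_id", "mac")

# Constructed inventory and scan observations (documentation address ranges).
KNOWN_HOSTS = [
    {"id": "A", "ip": "192.0.2.10", "dns_name": "ws-014.corp.example",
     "netbios_name": "WS-014", "agent_id": None, "mac": "00:00:5e:00:53:01"},
    {"id": "B", "ip": "192.0.2.20", "dns_name": "ws-022.corp.example",
     "netbios_name": "WS-022", "agent_id": None, "mac": "00:00:5e:00:53:02"},
]
OBSERVATIONS = [
    # No DNS name seen; NetBIOS name is host A's, MAC is host B's.
    {"ip": "192.0.2.77", "dns_name": None, "netbios_name": "ws-014",
     "agent_id": None, "mac": "00:00:5e:00:53:02"},
    {"ip": "192.0.2.20", "dns_name": "ws-022.corp.example",
     "netbios_name": None, "agent_id": None, "mac": None},
    {"ip": "192.0.2.99", "dns_name": None, "netbios_name": None,
     "agent_id": None, "mac": "00:00:5e:00:53:aa"},
]

def match_tracked_host(observed, known_hosts):
    """Return (host_id, matched_key) for the first identifier that matches."""
    for key in TRACKING_ORDER:
        value = observed.get(key)
        if not value:
            continue  # identifier not known for this observation
        for host in known_hosts:
            # Case-insensitive comparison is an assumption of this model.
            if host.get(key) and host[key].lower() == value.lower():
                return host["id"], key  # first match wins; later keys are not checked
    return None, None

def reconcile(observations, known_hosts):
    """Label each observation as unchanged, ip-changed, or new (no mutation)."""
    by_id = {h["id"]: h for h in known_hosts}
    results = []
    for obs in observations:
        host_id, key = match_tracked_host(obs, known_hosts)
        if host_id is None:
            status = "new"
        elif by_id[host_id]["ip"] == obs["ip"]:
            status = "unchanged"
        else:
            status = "ip-changed"
        results.append((obs["ip"], host_id, key, status))
    return results

if __name__ == "__main__":
    for row in reconcile(OBSERVATIONS, KNOWN_HOSTS):
        print(row)
```

In the first observation the NetBIOS name decides the match, so the MAC address that belongs to a different record is never consulted.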

Immediately remove vulnerabilities from scanned hosts that do not reply

If a previously responsive host does not reply to a scan, Tenable Security Center removes the host's vulnerabilities from the cumulative database. If the host has vulnerabilities in the mitigated database, they remain in the mitigated database.

  • If you enable this option, the system removes the vulnerabilities immediately after the scan completes.
  • If you disable this option, the system removes the vulnerabilities according to the interval set in the Number of days to wait before removing dead hosts option.

Number of days to wait before removing dead hosts

If you disable Immediately remove vulnerabilities from scanned hosts that do not reply, this value specifies how many days the system waits to remove vulnerabilities.

Max scan duration (hours)

Specifies the maximum number of hours you want a scan to run.

If a scan reaches this threshold, Tenable Security Center automatically creates a rollover scan that you can launch manually to complete the scan. Tenable Security Center creates a rollover scan regardless of your Scan Timeout Action setting.

Targets Options

The Targets section identifies the devices Tenable Security Center scans.

Option

Description

Target Type

Specifies the target type for the scan:

  • Assets — Scan one or more assets. For more information, see Assets.

  • IP / DNS Name — Scan one or more IP addresses or DNS names.

  • Mixed — Scan a combination of asset lists, IP addresses, and DNS names.

Assets

(Available if Target Type is Assets or Mixed) The list of assets to scan. Click to select or deselect the assets you want to scan.

IPs / DNS Names

(Available if Target Type is IP / DNS Name or Mixed) The IP addresses or DNS names you want to scan.

Specify IP addresses and DNS names using the following valid formats:

  • A single IPv4 address (for example, 192.0.2.202)

  • A single IPv6 address (for example, 2001:db8:d54e:cca6:4109:ac02:2fbe:134e)

  • An IP address range in dot-decimal or CIDR notation (for example, 192.0.2.0-192.0.2.255 or 192.0.2.0/24)

  • A resolvable hostname (for example, www.yourdomain.com)

Note: You cannot scan both IPv4 and IPv6 addresses in the same scan, because you can only select one Import Repository.
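A target list can be checked against these formats before it is pasted into the scan configuration. The following is an added example, not part of Tenable Security Center: the function names are hypothetical, hostnames are checked for syntax only (not resolution), and the sample list is constructed from the examples above.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed sample list built from the formats listed above.
SAMPLE = ["192.0.2.202", "192.0.2.0-192.0.2.255", "192.0.2.0/24", "www.yourdomain.com"]

def classify_target(entry):
    """Return (kind, family); family is 4, 6, or None for a hostname."""
    entry = entry.strip()
    if not entry:
        raise ValueError("empty target")
    if "/" in entry:  # CIDR notation
        return ("cidr", ipaddress.ip_network(entry, strict=False).version)
    if "-" in entry:  # either an address range or a hostname containing a hyphen
        first, _, last = entry.partition("-")
        try:
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip())
        except ValueError:
            lo = None  # not an address range, e.g. web-01.example.com
        if lo is not None:
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad range: {entry!r}")
            return ("range", lo.version)
    try:
        return ("address", ipaddress.ip_address(entry).version)
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    # An all-numeric last label means a malformed IP address, not a hostname.
    if len(entry) <= 253 and all(_LABEL.match(l) for l in labels) and not labels[-1].isdigit():
        return ("hostname", None)
    raise ValueError(f"unrecognised target: {entry!r}")

def check_targets(entries):
    """Classify every entry; reject a list that mixes IPv4 and IPv6 literals."""
    classified = [(e.strip(),) + classify_target(e) for e in entries]
    families = {fam for _, _, fam in classified if fam is not None}
    if len(families) > 1:
        raise ValueError("IPv4 and IPv6 targets in one list; use one scan per Import Repository")
    return classified, (families.pop() if families else None)

if __name__ == "__main__":
    print(check_targets(SAMPLE))
```

A hostname's address family is unknown until it resolves, so the check reports it as `None` rather than guessing.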

Credentials Options

The Credentials section allows users to select pre-configured credential sets for authenticated scanning. For more information, see Credentials.

Tenable Security Center active scans support the following credential types:

Post Scan Options

These options determine what actions occur immediately before and after the active scan completes.

Option

Description

Reports to Run on Scan Completion

Add Report

This option provides a list of reports available to the user to run when the scan completes. For more information, see Add a Report to a Scan.