Manage Scan Policies

Add a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

You can create template-based or custom scan policies for your active scans. When you create a custom scan policy, you can configure any scan policy option. When you configure a template-based scan policy, you can configure the options included for the template type. For more information about Tenable-provided scan policy templates, see Scan Policy Templates.

For more information, see Scan Policies and Active Scans.

Template-Based Scan Policy

To add a template-based scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. At the top of the table, click Add.

    The Add Policy page appears.

  4. In the Template section, click a policy template. For more information, see Scan Policy Templates.

    The policy template page appears.

  5. Configure the options described in Scan Policy Options.

  6. Click Submit.

    Tenable Security Center saves your configuration.

Custom Scan Policy

To add a custom scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. At the top of the table, click Add.

    The Add Policy page appears.

  4. In the Custom section, click Advanced Scan.

    The Advanced Scan page appears.

  5. Configure the options described in Scan Policy Options.

  6. Click Submit.

    Tenable Security Center saves your configuration.

What to do next:

  • Reference the scan policy in an active scan configuration, as described in Add an Active Scan.

View Your Scan Policies

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

To view a list of configured scan policies:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. View details about each scan policy.
    • Name — The name of the scan policy.
    • Label — The label applied to the scan policy.
    • Type — The name of the template used to add the scan policy.
    • Group — The group associated with the scan policy.
    • Owner — The username for the user associated with the scan policy.
    • Last Modified — The date and time the scan policy was last modified.

View Scan Policy Details

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

You can view details for individual scan policies. For more information, see Scan Policies.

To view details of a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. Right-click the row for the scan policy you want to view.

    The actions menu appears.

    -or-

    Select the check box for the scan policy you want to view.

    The available actions appear at the top of the table.

  4. Click View.

    The View Policy page appears.

    Section

    Action

    General

    View general information for the scan policy.

    • Name — The name of the scan policy.

    • Description — The description for the scan policy.

    • Label — The label applied to the scan policy.

    • Type — The name of the template used to add the scan policy.

    • Created — The date and time the scan policy was added.

    • Last Modified — The date and time the scan policy was last modified.

    • Owner — The username for the user associated with the scan policy.

    • Group — The group associated with the scan policy.

    • ID — The scan policy ID.

    Configuration

    (Template-based policies only) View a summary of options configured for the scan policy. For more information, see Scan Policy Options.

    Options tabs

    View all of the options configured for the scan policy. The tabs displayed depend on the scan policy type. For more information, see Scan Policy Options.

Edit a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

To edit a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. Right-click the row for the scan policy you want to edit.

    The actions menu appears.

    -or-

    Select the check box for the scan policy you want to edit.

    The available actions appear at the top of the table.

  4. Click MoreEdit.

    The Edit Policy page appears.

  5. Modify the scan policy. For more information, see Scan Policy Options.

  6. Click Submit.

    Tenable Security Center saves your configuration.

Share or Revoke Access to a Scan Policy

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

You can share or revoke access to a scan policy to allow or restrict access to a user group. When you share a scan policy with a user group, users in the group with the appropriate permissions can use the policy in an active scan, modify policy options, and more.

For more information, see Scan Policies. For more information about user groups, see Groups.

To share or revoke access to a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. Right-click the row for the scan policy for which you want to share or revoke access.

    The actions menu appears.

    -or-

    Select the check box for the scan policy for which you want to share or revoke access.

    The available actions appear at the top of the table.

  4. Click Share.

    The Share Policy window appears.

  5. In the Share Policy window, select the groups for which you want to share or revoke access to the scan policy.

  6. Click Submit.

    Tenable Security Center saves your configuration.

Copy a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

For more information, see Scan Policies.

To create a copy of a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. To copy a single scan policy:

    1. In the table, right-click the row for the scan policy you want to copy.

      The actions menu appears.

    To copy multiple scan policies:

    1. In the table, select the check box for each scan policy you want to copy.

      The available actions appear at the top of the table.

  4. Click Copy.

    Tenable Security Center copies the scan policy. The copy appears, named Copy of PolicyName.

Import a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

You can import a .nessus scan policy file from Tenable Nessus or from another Tenable Security Center to use in an active scan configuration. For more information, see Scan Policies.

Note: Imported scan policies do not include audit files or credentials. For more information, see Audit Files and Credentials.

Before you begin:

  • Ensure your PHP Serialization Mode setting is PHP Serialization ON. For more information, see Security Settings.

  • Do one of the following:

    • Export a scan policy from another Tenable Security Center, as described in Export a Scan Policy.

    • Export a scan policy from Tenable Nessus. For more information, see Policies in the Tenable Nessus User Guide.

To import a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. At the top of the table, click Upload Policy.

    The Upload Policy page appears.

  4. In the Name box, type a name for the scan policy.

  5. (Optional) In the Description box, type a description for the scan policy.

  6. (Optional) In the Label box, type or select a label for the scan policy. For more information, see Labels.

  7. Click Choose File and browse to the .nessus scan policy file you want to import.

  8. Click Submit.

    Tenable Security Center imports the scan policy.

What to do next:

Export a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

Note: Exported scan policies are not backwards-compatible. For example, If you are running Tenable Security Center 6.1.0 or later and you export a scan policy, you can only import the scan policy into another instance of Tenable Security Center 6.1.0 or later.

You can export a scan policy as a .nessus file and import it to another Tenable Security Center to use in an active scan configuration.

In some cases, Tenable Support may also ask you to export a scan policy for troubleshooting.

Note: Exported scan policy files do not include audit files or credentials. You can re-configure audit files and credentials you want to use with the scan policy on the Tenable Security Center where you import the scan policy. For more information, see Audit Files and Credentials.

For more information, see Scan Policies.

Before you begin:

To export a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. To export a single scan policy:

    1. In the table, right-click the row for the scan policy you want to export.

      The actions menu appears.

    To export multiple scan policies:

    1. In the table, select the check box for each scan policy you want to export.

      The available actions appear at the top of the table.

  4. Click Export.

    Tenable Security Center exports the scan policy as a .xml file.

What to do next:

  • Do any of the following:

    • Import the scan policy into another Tenable Security Center, as described in Import a Scan Policy.

    • If Tenable Support requested a scan policy file for troubleshooting, share the scan policy file with Tenable Support.

Delete a Scan Policy

Required Tenable Security Center User Role: Administrator or organizational user with appropriate permissions. For more information, see User Roles.

For more information, see Scan Policies.

Note: If you delete a scan policy referenced by an active scan, Tenable Security Center disables the scan. For more information, see Scan Results.

Before you begin:

  • If any active scans reference the scan policy you intend to delete, update the active scans to use a different scan policy, as described in Manage Active Scans.

To delete a scan policy:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. In the table, right-click the row for the scan policy you want to delete.

    The actions menu appears.

  4. Click Delete.

    A confirmation window appears.

  5. Click Delete.

    Tenable Security Center deletes the scan policy.

To delete multiple scan policies:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Scanning > Policies (administrator users) or Scans > Policies (organizational users).

    The Policies page appears.

  3. In the table, select the check box for each scan policy you want to delete.

    The available actions appear at the top of the table.

  4. At the top of the table, click Delete.

    A confirmation window appears.

  5. Click Delete.

    Tenable Security Center deletes the scan policies.