Manage Scan Profiles

Scan profiles allow you to group the scan operations of different cloud resources and schedule scans according to your needs. Each project has two scan profiles: the system default scan profile that Tenable Cloud Security creates, and the default scan profile.

Note: For every project, Tenable Cloud Security creates a system default scan profile that includes scanning of common resource types. For example, an AWS project has a scan profile with the name System default AWS cloud scan profile.

To access the Manage Scan Profiles page:

  1. On the home page, click Projects & Connections.

    The Projects tab appears by default.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

View Scan Profiles

You can view the list of scan profiles on the Manage scan profiles page.

To view the list of scan profiles:

  1. On the home page, click Projects & Connections.

    The Projects tab appears by default.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

    Note: Tenable Cloud Security displays the number of scan profiles above the scan profiles table on the Manage scan profiles window.

    The Manage scan profiles window displays the following details:

    Column name | Description
    Scan profile | The name of the scan profile. The default scan profile name includes the Default tag next to the name.
    Resource types | The number of resource types for the scan profile.
    Schedule interval | The schedule configured for the scan. You can schedule only one scan at a time.
    Scan status | The status of the scan. Tenable Cloud Security updates the following statuses for scan profiles:

      • In progress

      • Successful

      • Failed

      • Completed with errors

    Actions | Click Run Scan to initiate the scan for that scan profile. In this column, click the button to display the action options:

      • Edit — Click this option to edit the scan profile.

      • Duplicate — Click this option to create a duplicate of the scan profile.

      • Schedule scan — Click this option to configure a scan schedule for the profile.

      • Use as default scan — Click this option to set the scan profile as the default.

      • Scan history — Click this option to view the scan history details.

      • Delete — Click this option to delete the scan profile. The Delete option is not available for the system default scan profile and the default scan profile.

Set a Default Scan Profile

Tenable Cloud Security provides a default scan profile for each cloud provider. You can set any scan profile that you created as the default one. All scheduled scans run based on the default scan profile.

To set a default scan profile:

  1. On the home page, click Projects & Connections.

    Tenable Cloud Security displays the list of projects in the Projects tab.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

  3. In the row of the scan profile that you want to set as default, click > Use as default scan.

    Tenable Cloud Security sets the scan profile as default and indicates it with the icon.

Edit a Scan Profile

You can edit a scan profile and change its configuration.

To edit a scan profile:

  1. On the home page, click Projects & Connections.

    Tenable Cloud Security displays the list of projects in the Projects tab.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

  3. Click the scan profile that you want to edit.

    The profile details appear.

  4. Click Edit profile.

    The Edit scan profile for cloud window appears.

  5. Modify the configuration as needed.

  6. Click Save.

    Tenable Cloud Security saves the scan profile with the modified configuration.

Copy a Scan Profile

To create a new scan profile based on an existing scan profile, you can create a copy of the scan profile by duplicating it. You can then edit the scan profile, if required.

To duplicate a scan profile:

  1. On the home page, click Projects & Connections.

    Tenable Cloud Security displays the list of projects in the Projects tab.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

  3. In the row of the scan profile that you want to set as default, click > Duplicate.

    Tenable Cloud Security creates a copy of the scan profile.

  4. (Optional) Edit the scan profile.

Delete a Scan Profile

You can delete a scan profile that you no longer need.

Note: The Delete option is not available for the system default scan profile and for the default scan profile.

To delete a scan profile:

  1. Click Projects & Connections.

    Tenable Cloud Security displays the list of projects in the Projects tab.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

  3. In the row of the scan profile that you want to delete, click > Delete.

    A confirmation message appears.

  4. Click Delete to delete the scan profile.

View Scan History

You can view the scan history for both Misconfiguration Scans and Vulnerability Scans. Log details for failed scans or scans with errors give you the reason for the scan failure.

Note: The failed scan logs are available only for Vulnerability Scans.

To view the scan history details:

  1. On the home page, click Projects & Connections.

    Tenable Cloud Security displays the list of projects in the Projects tab.

  2. In the row for the project that you want to scan, click > Manage cloud scan profiles.

    The Manage scan profiles window appears.

  3. In the row of the scan profile for which you want to view the scan history, click > Scan history.

    The Scan history window appears with the following details:

    Column name | Description
    Time started | This is the scan start time.
    Scan type | This shows the type of scan: Misconfiguration Scan or Vulnerability Scan.
    Scan status | The status of the scan. Tenable Cloud Security updates the following statuses for scan profiles:

      • In progress

        Click to refresh the scan status.

      • Successful

      • Successful — For a scan that completes, but includes errors, you can download the log file by clicking the button.

      • Failed — For a failed scan, you can click the button to download the log file.

    Scan jobs | The total number of successful scans out of all the scans.
    Time elapsed | The time elapsed since the scan started.
    Initiator | Shows whether the scan was initiated by the scheduler or the user.
  4. For vulnerability scans, click to download scan logs.

Scan Logs

The scan log is a zip file containing a log file in the JSON format that you can download from the Scan History page. The following is an example of a scan log file:

{
  "cloud_scan_group_id": "",
  "cloud_scan_id": "",
  "resource_id": "",
  "instance_id": "",
  "role_arn": "",
  "external_id": "",
  "workflow_id": "",
  "last_workflow_state": "SNAPSHOT_CREATION_FAILED",
  "workflow_logs": [
    {
      "state": "SNAPSHOT_CREATION_FAILED",
      "message": "snapshot workflow failed: failed to get latest snapshotID from volumeID: failed to describe snapshots: operation error EC2: DescribeSnapshots, https response error StatusCode: 403, RequestID: 00f4c4cf-1cf7-46c1-8fff-8773ef7bc74c, api error UnauthorizedOperation: You are not authorized to perform this operation.",
      "error": ""
    }
  ]
}

Scan Workflow Status

The following table shows the Agentless Assessment workflow statuses:

Workflow Status | Description
REGION_NOT_SUPPORTED | The cloud region where this asset lives does not support Agentless Assessment scans at the moment.
WORKFLOW_INIT | A workflow is created for Agentless Assessment scan.
WORKFLOW_RESCHEDULED | A failure occurred during scanning and the system is automatically retrying the scan.
SNAPSHOT_REQUESTED | The system is preparing to perform a scan.
SNAPSHOT_REQUEST_QUEUED | The scan is in queue.
SNAPSHOT_CREATION_INITIATED | The scan is being processed.
SNAPSHOT_CREATION_FAILED | An issue occurred while attempting to read installed packages from the snapshot. See message in logs for details.
SNAPSHOT_CREATION_SUCCESS | The data necessary to generate a package inventory has been collected successfully.
CLUSTER_CREATION_INITIATED | The system is generating an inventory of installed packages.
SCANJOB_SUCCESS | The scan job completed successfully.
SCANJOB_FAILED | The scan job failed.
SNAPSHOT_CLEANUP_INITIATED, SNAPSHOT_CLEANUP_SUCCESS, SNAPSHOT_CLEANUP_FAILED | The scan job completed successfully and internal metadata generated during the scan is being cleaned up from the system.
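
The following Python example is added here and is not Tenable code. It reads a downloaded scan log zip, reports the final workflow state from the table above, and lists the AWS API calls that returned 403 so you can see which permission the role in role_arn is missing. The zip member name, the sample values, and the IAM action name derived from the SDK service and operation names are assumptions.

```python
import io
import json
import re
import zipfile

# AWS SDK error text as it appears in the "message" field of the page's sample log.
AWS_ERROR = re.compile(r"operation error (?P<service>[\w ]+): (?P<operation>\w+),"
                       r".*?StatusCode: (?P<status>\d+)")

def read_scan_logs(zip_bytes):
    """Return {member name: parsed JSON object} for each JSON file in the zip."""
    logs = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            try:
                doc = json.loads(zf.read(name))
            except ValueError:  # not JSON: skip this member, keep going
                continue
            if isinstance(doc, dict):
                logs[name] = doc
    return logs

def triage(log):
    """Summarise one log: final state, failure flag, denied AWS API calls."""
    state = log.get("last_workflow_state", "")
    denied = set()
    for entry in log.get("workflow_logs") or []:
        m = AWS_ERROR.search(entry.get("message") or "")
        if m and m["status"] == "403":
            # Assumption: IAM action = lower-cased service + ":" + operation.
            denied.add(f"{m['service'].lower()}:{m['operation']}")
    return {"state": state, "failed": state.endswith("_FAILED"),
            "role_arn": log.get("role_arn"), "denied_actions": sorted(denied)}

def build_sample_zip():
    """Constructed sample modelled on the page's log; IDs are placeholders."""
    msg = ("snapshot workflow failed: operation error EC2: DescribeSnapshots, "
           "https response error StatusCode: 403, RequestID: PLACEHOLDER, api error "
           "UnauthorizedOperation: You are not authorized to perform this operation.")
    log = {"role_arn": "arn:aws:iam::111122223333:role/EXAMPLE",
           "last_workflow_state": "SNAPSHOT_CREATION_FAILED",
           "workflow_logs": [{"state": "SNAPSHOT_CREATION_FAILED", "message": msg}]}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("scan_log.json", json.dumps(log))  # member name is an assumption
        zf.writestr("notes.txt", "not json")           # skipped by read_scan_logs
    return buf.getvalue()

if __name__ == "__main__":
    print({n: triage(l) for n, l in read_scan_logs(build_sample_zip()).items()})
```

Confirm the inferred action name against the AWS IAM reference before changing the role's policy, because SDK service names do not always match IAM prefixes.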