Basic Settings in Tenable PCI ASV

You can use Basic settings to specify organizational and security-related aspects of a scan configuration. This includes specifying the name of the scan, its targets, whether the scan is scheduled, and who has access to the scan.

Note: To learn more about scan limitations in Tenable PCI ASV, see Scan Limitations.

The Basic settings include the following sections:

General
Basic Settings in Tenable PCI ASV
Notifications
User Permissions

General

The general settings for a scan.

Setting	Default Value	Description
Name	None	Specifies the name of the scan.
Description	None	(Optional) Specifies a description of the scan.
Scan Results	Keep private	Specifies whether the results of the scan should appear in dashboards or be kept private. When set to Keep private, you must access the scan directly to view the results. Important: By default, PCI scan data is excluded from dashboards, reports, and workbenches. To view this data, you must set the Scan Results setting to Show in the workbenches, dashboards, and reports.
Folder	My Scans	Specifies the folder where the scan appears after being saved. You cannot specify a folder when you launch a remediation scan. All remediation scans appear in the Remediation Scans folder only.
Scanner Type	Internal Scanner	Specifies whether a local, internal scanner or a cloud-managed scanner performs the scan, and determines whether the Scanner field lists local or cloud-managed scanners to choose from.
Scanner	Auto-Select	Select a scanner based on the location of the targets you want to scan. For example: Select a linked scanner to scan non-routable IP addresses. Note: Auto-select is not available for cloud scanners. Select a scanner group if you want to: Improve scan speed by balancing the scan load among multiple scanners. Rebuild scanners and link new scanners in the future without having to update scanner designations in scan configurations. Select Auto-Select to enable scan routing for the targets.
Tags	None	Select one or more tags to scan all assets that have any of the specified tags applied. To see a list of assets identified by the specified tags, click View Assets.
Scan Window	Disabled	(Tenable Nessus Scanner templates only) Specifies the timeframe after which the scan automatically stops. Use the drop-down box to select an interval of time, or click to type a custom scan window. Note: The scan window timeframe only applies to the scan job. After the scan job completes within the timeframe, or once the scan job stops due to the scan window ending, Tenable PCI ASV may still need to index the scan job for up to 24 hours. This can cause the scan not to show as Completed after the scan window is complete. Once Tenable PCI ASV indexes the scan, it shows as Completed.
Network	Default
Targets	None	Specifies one or more targets to be scanned. If you select a target group or upload a targets file, you are not required to specify additional targets. The targets you specify must be appropriate to the scanner you select for the scan. For example, cloud scanners cannot scan non-routable IP addresses. Select an internal scanner instead. Tip: You can force Tenable PCI ASV to use a given hostname for a server during a scan by using the `hostname[ip]` syntax (for example, `www.example.com[192.168.1.1]`). However, you cannot use this approach if you enable scan routing for the scan. Note: You cannot apply more than 300,000 IP address targets to a scan. To learn more about scan limitations in Tenable PCI ASV, see Scan Limitations. Note: See Permissions for more information on how permissions affect targets.
Upload Targets	None	Uploads a text file that specifies targets. The targets file must be formatted in the following manner: ASCII file format Only one target per line No extra spaces at the end of a line No extra lines following the last target Note: Unicode/UTF-8 encoding is not supported.

Schedule

The scan schedule settings.

By default, scans are not scheduled. When you first access the Schedule section, the Enable Schedule setting appears, set to Off. To modify the settings listed on the following table, click the Off button. The rest of the settings appear.

Note: Scheduled scans do not run if they are in the scan owner's Trash folder.

Setting	Default Value	Description
Frequency	Once	Specifies how often the scan is launched. Once: Schedule the scan at a specific time. Daily: Schedule the scan to occur every 1-20 days, at a specific time. Weekly: Schedule the scan to occur every 1-20 weeks, by time and day or days of the week. Monthly: Schedule the scan to occur every 1-20 months, by: Day of Month: The scan repeats monthly on a specific day of the month at the selected time. For example, if you select a start date of October 3, the scan repeats on the 3rd of each subsequent month at the selected time. Week of Month: The scan repeats monthly on a specific day of the week. For example, if you select a start date of the first Monday of the month, the scan runs on the first Monday of each subsequent month at the selected time. Note: If you schedule your scan to recur monthly and by time and day of the month, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (for example, the 29th), Tenable PCI ASV cannot run the scan on those days. Yearly: Schedule the scan to occur every 1-20 years, by time and date.
Starts	Varies	Specifies the exact date and time when a scan launches. The starting date defaults to the date when you are creating the scan. The starting time is the nearest half-hour interval. For example, if you create your scan on 09/31/2018 at 9:12 AM, the default starting date and time is set to 09/31/2018 and 09:30.
Timezone	Varies	Specifies the timezone of the value set for Starts.

Setting

Default Value

Description

Frequency

Once

Specifies how often the scan is launched.

Once: Schedule the scan at a specific time.
Daily: Schedule the scan to occur every 1-20 days, at a specific time.
Weekly: Schedule the scan to occur every 1-20 weeks, by time and day or days of the week.
Monthly: Schedule the scan to occur every 1-20 months, by:
- Day of Month: The scan repeats monthly on a specific day of the month at the selected time. For example, if you select a start date of October 3, the scan repeats on the 3rd of each subsequent month at the selected time.
- Week of Month: The scan repeats monthly on a specific day of the week. For example, if you select a start date of the first Monday of the month, the scan runs on the first Monday of each subsequent month at the selected time.
Note: If you schedule your scan to recur monthly and by time and day of the month, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (for example, the 29th), Tenable PCI ASV cannot run the scan on those days.
Yearly: Schedule the scan to occur every 1-20 years, by time and date.

Starts

Varies

Specifies the exact date and time when a scan launches.

The starting date defaults to the date when you are creating the scan. The starting time is the nearest half-hour interval. For example, if you create your scan on 09/31/2018 at 9:12 AM, the default starting date and time is set to 09/31/2018 and 09:30.

Timezone

Varies

Specifies the timezone of the value set for Starts.

Notifications

The notification settings for a scan.

Setting	Default Value	Description
Email Recipient(s)	None	Specifies zero or more email addresses, separated by commas, that are alerted when a scan completes and the results are available.
Result Filters	None	Defines the type of information to be emailed.
SMS Recipient(s)	None	Specifies zero or more phone numbers, separated by commas, that are alerted when a scan completes and the results are available.

User Permissions

You can share the scan with other users by setting permissions for users or groups. When you assign a permission to a group, that permission applies to all users within the group.

Tip: Tenable recommends assigning permissions to user groups, rather than individual users, to minimize maintenance as individual users leave or join your organization.

Permission	Description
No Access	(Default user only) Groups and users set to this permission cannot interact with the scan in any way.
Can View	Groups and users with this permission can view the results of the scan, export the scan results, and move the scan to the Trash folder. They cannot view the scan configuration or permanently delete the scan.
Can Execute	In addition to the tasks allowed by Can View, groups and users with this permission can launch, pause, and stop a scan. They cannot view the scan configuration or permanently delete the scan. Note: In addition to Can Execute permissions for the scan, users running a scan must have Can Scan permissions in an access group for the specified target, or the scanner does not scan the target.
Can Edit	In addition to the tasks allowed by Can Execute, groups and users with this permission can view the scan configuration and modify any setting for the scan except scan ownership. They can also delete the scan. Note: Only the scan owner can change scan ownership. Note: User roles override scan permissions in the following cases: A basic user cannot run a scan or configure a scan, regardless of the permissions assigned to that user in the individual scan. An administrator always has the equivalent of Can Edit permissions, regardless of the permissions set for the administrator account in the individual scan.