Create a Vulnerability Management Scan
Required Tenable.io Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator
In Tenable.io, you can create discovery, assessment, and agent scans using scan templates. For general information about templates and settings, see Scan Templates and Settings.
For a demonstration on creating and launching a basic scan, see the following video:
When you create a scan, Tenable.io assigns you owner permissions for the scan.
Tip: To quickly target specific vulnerabilities that previous scans have identified on your assets, create a remediation scan.
Note:<![CDATA[ ]]> Tenable.io limits the number of scans you can create to 10,000 scans. Tenable recommends you re-use scheduled scans instead of creating new scans. This approach helps to avoid latency issues in the user interface.
Note: PCI Quarterly External scan data is intentionally excluded from dashboards, reports, and workbenches. This is due to the scan's paranoid nature, which may lead to false positives that would otherwise not be detected. For more information, see Get Started with PCI ASV Scanning.
Note: You cannot apply more than 300,000 IP address targets to a scan.
Before you begin:
- If you want to create a scan from a user-defined template, create a user-defined template as described in Create a User-Defined Template.
- Create an access group for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.
To create a scan:
In the upper-left corner, click the button.
The left navigation plane appears.
In the left navigation plane, in the Vulnerability Management section, click Scans.
The Scans page appears.
Note: You can also directly access the Create a Scan page via the Discover and Assess page.
In the upper-right corner of the page, click Create a Scan.
The Select a Scan Template page appears.
Click the Nessus Scanner, Nessus Agent, or User Defined tab to view available templates for your scan.
The tab appears.
Note: Users with Scan Operator permissions can see and use only the user-defined templates that are shared with their account.
Tip: For information about creating Web Application scans, see Create a WAS Scan.
Click the tile for the template you want to use for your scan.
The Create a Scan page appears.
Configure the scan:
Tab Action Settings
Configure the settings available in the scan template.
- Basic Settings — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan.
- Discovery Settings in Vulnerability Management Scans — Specifies how a scan performs discovery and port scanning.
- Assessment Settings in Vulnerability Management Scans — Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications.
- Report Settings in Vulnerability Management Scans — Specifies whether the scan generates a report.
- Advanced Settings in Vulnerability Management Scans — Specifies advanced controls for scan efficiency.
Specify credentials you want Tenable.io to use to perform a credentialed scan.
Compliance/SCAP Specify the platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file. Plugins Select security checks by plugin family or individual plugin.
Do one of the following:
If you want to save without launching the scan, click Save.
Tenable.io saves the scan.
If you want to save and launch the scan immediately, click Save & Launch.
Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.
Tenable.io saves and launches the scan.Note: Tenable.io limits scan chunks to 10,000 hosts or 150,000 findings. If a scan chunk exceeds either value, Tenable.io does not process the scan and eventually aborts it.