Tenable-Provided Nessus Agent Templates

You can use templates to create an agent scan configuration or user-defined scan template.

In Tenable.io, Tenable-provided templates for agent scans appear in the Nessus Agent tab. The interface provides brief explanations of each default template.

Note: If you create custom templates for agent scans, those templates appear in the User Defined tab.

The following table briefly describes the settings for the default agent scan templates.

For a comprehensive explanation of template settings, see the Nessus Manager Scan and Policy Settings or Tenable.io Scan Settings.



Advanced Agent Scan

An agent scan without any recommendations, so that you can fully customize the scan settings. In Tenable.io, the Advanced Agent Scan template allows for two scanning methods:

  • Scan Window - Specify the timeframe during which the agent must report to be included and visible in vulnerability reports.

  • Triggered Scans - Provide the agent with specific criteria that indicates when to launch a scan. The agent launches the scan when one (or more) of the criteria are met. For more information, see Basic Settings in the Tenable.io User Guide.

Note: When you create an agent scan using the Advanced Agent Scan template, you must also select the plugins you want to use for the scan.

Agent Log4Shell Agent detection of Apache Log4j CVE-2021-44228.
Basic Agent Scan

Scans systems connected via Nessus Agents.

Malware Scan

Scans for malware on systems connected via Nessus Agents.

Policy Compliance Auditing

Audits system configurations against a known baseline for systems connected via Nessus Agents.

SCAP and OVAL Agent Auditing

Audits systems using SCAP and OVAL definitions for systems connected via Nessus Agents.

Collect Inventory

Scans a compiled inventory via Frictionless Assessment Nessus Agents. For more information about inventory scanning, see Special Use Templates in the Nessus Agent User Guide.

Note: Collect Inventory scans provide coverage for:

  • RedHat local security checks

  • CentOS local security checks

  • Amazon Linux local security checks

  • Debian local security checks

  • Fedora local security checks

  • SUSE local security checks

  • Ubuntu local security checks

  • Windows/Microsoft bulletin checks (All Windows roll-up checks since 2017)

Collect Inventory scans do not currently provide coverage for:

  • Malware and compliance checks

  • Third-party Linux application detection (for example, Apache HTTP or Postgres) for instances not installed via dpkg or rpm

  • Third-party Windows applications (for example, Google Chrome or Mozilla Firefox)

  • Microsoft product Patch Tuesday updates (for example, Exchange or Sharepoint)

Note:Nessus Agents running on MacOS and Nessus Agents older than version 10.1.0 do not execute inventory scans, and are excluded from scan results.