Compliance in Vulnerability Management Scans

Note: If a scan is based on a user-defined template, you cannot configure Compliance settings in the scan. You can only modify these settings in the related user-defined template.

Tenable.io can perform vulnerability scans of network services as well as log in to servers to discover any missing patches.

However, a lack of vulnerabilities does not mean the servers are configured correctly or are “compliant” with a particular standard.

You can use Tenable.io to perform vulnerability scans and compliance audits to obtain all of this data at one time. If you know how a server is configured, how it is patched, and what vulnerabilities are present, you can determine measures to mitigate risk.

At a higher level, if this information is aggregated for an entire network or asset class, security and risk can be analyzed globally. This allows auditors and network managers to spot trends in non-compliant systems and adjust controls to fix these on a larger scale.

When configuring a scan or policy, you can include one or more compliance checks, also known as audits. Each compliance check requires specific credentials.

Some compliance checks are preconfigured by Tenable, but you can also create and upload custom audits.

For more information on compliance checks and creating custom audits, see the Compliance Checks Reference.

Compliance Check | Required Credentials
Adtran AOS | SSH
Alcatel TiMOS | SSH
Amazon AWS | Amazon AWS
Arista EOS | SSH
Blue Coat ProxySG | SSH
Brocade FabricOS | SSH
Check Point GAiA | SSH
Cisco ACI | SSH
Cisco Firepower | SSH
Cisco IOS | SSH
Citrix XenServer | SSH
Database | Database
Dell Force10 FTOS | SSH
Extreme ExtremeXOS | SSH
F5 | F5
FireEye | SSH
Fortigate FortiOS | SSH
Generic SSH | SSH
HP ProCurve | SSH
Huawei VRP | SSH
IBM iSeries | IBM iSeries
Juniper Junos | SSH
Microsoft Azure | Microsoft Azure
Mobile Device Manager | AirWatch, Apple Profile Manager, or Mobileiron
MongoDB | MongoDB
NetApp API | NetApp API
OpenStack | OpenStack
NetApp Data ONTAP | SSH
Palo Alto Networks PAN-OS | PAN-OS
Rackspace | Rackspace
RHEV | RHEV
Salesforce.com | Salesforce SOAP API
SonicWALL SonicOS | SSH
Unix | SSH
Unix File Contents | SSH
VMware vCenter/vSphere | VMware ESX SOAP API or VMware vCenter SOAP API
WatchGuard | SSH
Windows | Windows
Windows File Contents | Windows
ZTE ROSNG | SSH