Create a Target Group

You can still use target groups to manage your scan targets. However, Tenable recommends that you instead use tags to group and scan your assets when possible. In the future, when tagging features and options match those currently available in target groups, Tenable will convert your target groups into tags and retire your existing target groups. No action is required on your part, and Tenable will provide you with 60 calendar days notice before converting and retiring your target groups. For more information, contact your Tenable representative.

System target groups:

Required User Role: Administrator

User target groups:

Required Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Note: System target groups and related functionality asset isolation are deprecated. To control scan permissions, use access groups instead.

You can still create and edit system target groups, as well as use system target groups in scan configurations and dashboard filters. However, Tenable recommends using user target groups instead.

To create a target group in the new interface:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Target Groups tile.

    The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.

  4. If you want to edit a user target group, click User. Otherwise, stay on the System target groups tab.

  5. In the upper-right corner of the page, click the Create Create Target Group button.

    The Create a Target Group page appears.

  6. Configure the General settings:




    A name for the target group.


    A comma-separated list of FQDNs, CIDR notation, or IP address ranges that you want to scan.

    Note: Scan targets listed by CIDR notation must be in one of the following formats:
    • xx.xx.0.0/16
    • xx.xx.xx.0/24

    Upload Targets

    A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan.

    The system adds the uploaded targets to the Targets box after you save the target group.

  7. Configure the user permissions for the group.

    Note: If you grant a user permissions in a target group, the user can use the target group in the Target Groups option for scan configurations. However, you must also grant the user Can Scan permissions in an access group for the targets, or excludes the targets from the scan results. For more information, see Access Groups.

  8. Click Save.

    One of the following occurs:

    • If you configured user permissions for the target group, creates the target group and adds it to the table on the Target Groups page.
    • If you retained the default No Access permissions for the target group, a confirmation window appears.

      In response, do one of the following:

      • If the default configuration is appropriate for the target group, click Continue to confirm your action.
      • If the default configuration is not appropriate for the target group, click Cancel to return to user permissions configuration for the target group.