Tenable-Provided Nessus Scanner Templates

Tenable provides the following scanner templates for specific scanning purposes. For general information about scan templates and settings, see Scan Templates and Settings.

Note: If a plugin requires authentication or settings to communicate with another system, the plugin is not available on agents. This includes, but is not limited to:

  • Patch management.
  • Mobile device management.
  • Cloud infrastructure audit.
  • Database checks that require authentication.

Instead, use Tenable-provided Nessus Agent templates for agent scanning.

Scanner templates fall into three categories: Vulnerability Scans (Common), Configuration Scans, and Tactical Scans.

Template Description
Vulnerability Scans (Common)
Advanced Network Scan

An scan without any recommendations, so that you can fully customize the scan settings.

Basic Network Scan

Performs a full system scan that is suitable for any host. For example, you could use this template to perform an internal vulnerability scan on your organization's systems.

Credentialed Patch Audit

Authenticates hosts and enumerates missing updates.

Host Discovery

Performs a simple scan to discover live hosts and open ports.

Internal PCI Network Scan

Performs an internal PCI DSS (11.2.1) vulnerability scan.

Legacy Web App Scan

Uses a Nessus scanner to scan your web applications.

Note: Unlike the Tenable.io Web Application Scanning scanner, the Nessus scanner does not use a browser to scan your web applications. Therefore, a Legacy Web App Scan is not as comprehensive as a Web App Scan.

Mobile Device Scan

Assesses mobile devices via Microsoft Exchange or an MDM.

PCI Quarterly External Scan

Performs quarterly external scans as required by PCI.

Note: Because the nature of a PCI ASV scan is more paranoid and may lead to false positives, the scan data is not included in the aggregate Tenable.io data. This is by design.

Configuration Scans
Audit Cloud Infrastructure Audits the configuration of third-party cloud services.
MDM Config Audit Audits the configuration of mobile device managers.
Offline Config Audit

Audits the configuration of network devices.

Policy Compliance Auditing

Audits system configurations against a known baseline.

SCAP and OVAL Auditing

Audits systems using SCAP and OVAL definitions.

Tactical Scans

2021 Threat Landscape Restrospective (TLR)

Detects vulnerabilities featured in Tenable's 2021 Threat Landscape Retrospective report.

Active Directory Starter Scan

Scans for misconfigurations in Active Directory.

Note: Active Directory Starter Scans require ADSI credentials. For more information, see Miscellaneous.

CISA Alerts AA22-011A and AA22-047A Performs remote and local checks for vulnerabilities from recent CISA alerts.
ContiLeaks Performs remote and local checks for ContiLeaks vulnerabilities.
GHOST (glibc) Detection Performs remote and local checks for CVE-2015-0235.
Intel AMT Security Bypass

Performs remote and local checks for CVE-2017-5689.


Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via local checks.

Log4Shell Remote Checks

Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via remote checks.

Log4Shell Vulnerability Ecosystem

Detects the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j via local and remote checks. This template is dynamic and is regularly updated with new plugins as third-party vendors patch their software.

Malware Scan

Scans for malware on Windows and Unix systems.


Performs local checks for CVE-2021-34527, the PrintNightmare Windows Print Spooler vulnerability.

ProxyLogon: MS Exchange

Performs remote and local checks to detect Microsoft Exchange Server vulnerabilities related to CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.

Ransomware Ecosystem Performs local and remote checks for common ransomware vulnerabilities.
Ripple20 Remote Scan

Detects hosts running the Treck stack in the network, which may be affected by Ripple20 vulnerabilities.


Detects SolarWinds Solorigate vulnerabilities using remote and local checks.

Spectre and Meltdown

Performs remote and local checks for CVE-2017-5753, CVE-2017-5715, and CVE-2017-5754.

WannaCry Ransomware

Scans for the WannaCry ransomware (MS17-010).

Zerologon Remote Scan

Detects Microsoft Netlogon elevation of privilege vulnerability (Zerologon).