Create a Scan (Unified Scan Configuration)

In Tenable.io, you can create scans using scan templates. For general information about templates and settings, see Scan Templates and Settings.

When you create a scan, Tenable.io assigns you owner permissions for the scan.

Tip: To quickly target specific vulnerabilities that previous scans have identified on your assets, create a Vulnerability Management remediation scan.

Note: Tenable.io limits the number of scans you can create to 10,000 scans. Tenable recommends you re-use scheduled scans instead of creating new scans. This approach helps to avoid latency issues in the user interface.

Note: Tenable.io excludes PCI Quarterly External scan data from dashboards, reports, and workbenches intentionally. This is due to the scan's paranoid nature, which may lead to false positives that Tenable.io would otherwise not detect. For more information, see PCI ASV Scanning Overview.

Note: You cannot apply more than 300,000 IP address targets to a scan.

Before you begin:

  • If you want to create a scan from a user-defined template, create a user-defined template as described in Create a User-Defined Template.
  • Create an access group for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.

To create a scan:

  1. In the upper-left corner, click the Menu button.

    The left navigation pane appears.

  2. In the left navigation pane, click Scans.

    The Scans page appears.

  3. Below Scans, choose to view Vulnerability Management Scans or Web Application Scans.

    This also determines whether you are creating a Vulnerability Management or Web Application scan.

  4. In the upper-right corner of the page, click the Create a Scan button.

    The Select a Scan Template page appears.

  5. Do one of the following:

    • If you are creating a Vulnerability Management scan, use the following procedure:

      1. Click the Nessus Scanner, Nessus Agent, or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

      2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

      3. Configure the scan:

        Tab: Action

        Settings: Configure the settings available in the scan template.

        Credentials: Specify credentials you want Tenable.io to use to perform a credentialed scan.

        Compliance/SCAP: Specify the platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file.

        Plugins: Select security checks by plugin family or individual plugin.

      4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable.io saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Tenable.io saves and launches the scan.

    • If you are creating a Web Application scan, use the following procedure:

      1. Click the Web Application or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

      2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

      3. Configure the scan:

        Tab: Action

        Settings: Configure the settings available in the scan template. For more information, see Basic Settings in WAS Scans.

        Scope: Specify the URLs and file types that you want to include in or exclude from your scan. For more information, see Scope Settings in WAS Scans.

        Assessment: Specify how a scan identifies vulnerabilities and what vulnerabilities the scan identifies. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications. For more information, see Assessment Settings in WAS Scans.

        Advanced: Specify advanced controls for scan efficiency.

        Credentials: Specify credentials you want Tenable.io to use to perform a credentialed scan.

        Plugins: Select security checks by plugin family or individual plugin.

      4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable.io saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Tenable.io saves and launches the scan.
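
The note near the top of this page caps a scan at 300,000 IP address targets. The following pre-flight check is an added example, not Tenable code: it counts the addresses a target list covers before you paste the list into the scan settings. It assumes entries are single IPs, CIDR blocks, full start-end ranges, or hostnames, that overlapping entries count once, and that each hostname counts as one target; how Tenable.io itself counts is not stated on this page.

```python
import ipaddress

MAX_IP_TARGETS = 300_000  # per-scan limit stated in the note on this page


def expand(entry):
    """Return the networks one entry covers, or None if it is not an IP form."""
    if "-" in entry:
        first, _, last = entry.partition("-")
        try:
            lo = ipaddress.ip_address(first.strip())
            hi = ipaddress.ip_address(last.strip())
        except ValueError:
            return None  # e.g. a hostname that contains a hyphen
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry}")
        return list(ipaddress.summarize_address_range(lo, hi))
    try:
        return [ipaddress.ip_network(entry, strict=False)]
    except ValueError:
        return None


def count_targets(target_text):
    """Count distinct targets in a comma- or newline-separated list."""
    nets = {4: [], 6: []}
    hostnames = set()
    for entry in target_text.replace("\n", ",").split(","):
        entry = entry.strip()
        if not entry:
            continue
        covered = expand(entry)
        if covered is None:
            hostnames.add(entry.lower())  # assumption: one target per name
        else:
            for net in covered:
                nets[net.version].append(net)
    # collapse_addresses merges overlaps so shared addresses count once
    ips = sum(n.num_addresses for fam in nets.values()
              for n in ipaddress.collapse_addresses(fam))
    return ips + len(hostnames)


def within_limit(target_text):
    """True if the list fits under the 300,000 target limit."""
    return count_targets(target_text) <= MAX_IP_TARGETS


# Constructed sample list; the /24 and the range overlap by 128 addresses.
SAMPLE = "10.0.0.0/24, 10.0.0.128-10.0.1.127, 192.168.1.5\nscanner-01.example.com"

if __name__ == "__main__":
    print(count_targets(SAMPLE), within_limit(SAMPLE))
```

A list that fails the check can be split across several scans or narrowed to the ranges that are actually in use.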