Create a Scan

In Tenable.io, you can create scans using scan templates. For general information about templates and settings, see Scan Templates and Settings.

When you create a scan, Tenable.io assigns you owner permissions for the scan.

Tip: To quickly target specific vulnerabilities that previous scans have identified on your assets, create a Vulnerability Management remediation scan.

Note: Tenable.io limits the number of scans you can create to 10,000 scans. Tenable recommends you re-use scheduled scans instead of creating new scans. This approach helps to avoid latency issues in the user interface.

Note: Tenable.io excludes PCI Quarterly External scan data from dashboards, reports, and workbenches intentionally. This is due to the scan's paranoid nature, which may lead to false positives that Tenable.io would otherwise not detect. For more information, see Get Started with PCI ASV Scanning.

Note: You cannot apply more than 300,000 IP address targets to a scan.

Before you begin:

• If you want to create a scan from a user-defined template, create a user-defined template as described in Create a User-Defined Template.
• Create an access group for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.

To create a scan:

1. In the upper-left corner, click the button.

   The left navigation plane appears.

2. In the left navigation plane, click Scans.

   The Scans page appears.

3. Below Scans, choose to view Vulnerability Management Scans or Web Application Scans.

   This also determines whether you are creating a Vulnerability Management or Web Application scan.

4. In the upper-right corner of the page, click the Create a Scan button.

   The Select a Scan Template page appears.

5. Do one of the following:

   • If you are creating a Vulnerability Management scan, use the following procedure:

     1. Click the Nessus Scanner, Nessus Agent, or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

     2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

     3. Configure the scan:

        Tab	Action
        Settings	Configure the settings available in the scan template. Basic Settings — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan. Discovery Settings in Vulnerability Management Scans — Specifies how a scan performs discovery and port scanning. Assessment Settings in Vulnerability Management Scans — Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications. Report Settings in Vulnerability Management Scans — Specifies whether the scan generates a report. Advanced Settings in Vulnerability Management Scans — Specifies advanced controls for scan efficiency.
        Credentials	Specify credentials you want Tenable.io to use to perform a credentialed scan.
        Compliance/SCAP	Specify the platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file.
        Plugins	Select security checks by plugin family or individual plugin.

     4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable.io saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Tenable.io saves and launches the scan.

   • If you are creating a Web Application scan, use the following procedure:

     1. Click the Web Application or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

     2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

     3. Configure the scan:

        Tab	Action
        Settings	Configure the settings available in the scan template. For more information, see Basic Settings in WAS Scans.
        Scope	Specify the URLs and file types that you want to include in or exclude from your scan. For more information, see Scope Settings in WAS Scans.
        Assessment	Specify how a scan identifies vulnerabilities and what vulnerabilities the scan identifies. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications. For more information, see Assessment Settings in WAS Scans.
        Advanced	Specify advanced controls for scan efficiency.
        Credentials	Specify credentials you want Tenable.io to use to perform a credentialed scan.
        Plugins	Select security checks by plugin family or individual plugin.

     4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable.io saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Tenable.io saves and launches the scan.