Basic Settings in Tenable Web App Scanning Scans

Configure settings to specify basic organizational and security-related aspects of your scan configuration. This includes specifying the name of the scan, one or more targets, whether the scan is scheduled, and who has access to the scan.

You can configure settings when you create a scan or user-defined scan template and select any scan type. For more information, see Scan Templates.

Tip: If you want to save your settings configurations and apply them to other scans, you can create and configure a user-defined scan template.

The Basic settings include the following sections:

General

The general settings for a scan.

Setting Default Value Description Required
Name none Specifies the name of the scan or template. Yes
Description none Specifies a description of the scan or template. No
Folder My Scans Specifies the folder where the scan appears after being saved. Yes
Scanner Type Internal Scanner Specifies whether a local, internal scanner or a cloud-managed scanner performs the scan, and determines whether the Scanner field lists local or cloud-managed scanners to choose from. Yes
Scanner varies Specifies the scanner that performs the scan. Yes
Target none

Specifies the URL for the target you want to scan, as it appears on your Tenable Web App Scanning license. Regular expressions and wildcards are not allowed. Targets must start with the http:// or https:// protocol identifier.

The Import from file link opens a file manager window. You can import a target list in TXT format with one target per line. The file must be 1MB or smaller, and each line must be shorter than 4096 characters. After you add targets, you can search and delete targets from the list. You cannot modify targets inline.

Tip: If you upload a new target list, it replaces any existing targets in the scan. If you have multiple target lists, consolidate them in one file before you upload them to Tenable Web App Scanning.

You can add up to 1000 targets to a scan, with the exception of scans that include API targets. API scans support only one target at a time.

Note: If the URL you type in the Target box has a different FQDN host from the URL that appears on your license, and your scan runs successfully, the new URL you type counts as an additional asset on your license.

Note: If you create a user-defined scan template, the target setting is not saved to the template. Type a target each time you create a new scan.

Yes

Schedule

The schedule settings for the scan.

Note: If you create a user-defined scan template, your schedule settings are not saved to the scan template. Configure the schedule settings each time you create a new scan.

Setting

Default

Description

Schedule

off

A toggle that specifies whether the scan is scheduled. By default, scans are not scheduled.

When the Schedule toggle is disabled, the other schedule settings remain hidden.

Click the toggle to enable the schedule and view the remaining Schedule settings.

Frequency

Once

Specifies how often the scan is launched.

Note: The frequency with which you scan your target(s) depends on several factors (e.g., how often you update your web application, the content your web application contains, etc.). For most web applications, Tenable recommends at least monthly scans.

  • Once: Schedule the scan at a specific time.
  • Daily: Schedule the scan to occur on a daily basis, at a specific time, up to 20 days.
  • Weekly: Schedule the scan to occur on a recurring basis, by time and day of week, up to 20 weeks.
  • Monthly: Schedule the scan to occur every 1-20 months, by:
    • Day of Month: The scan repeats on a specific day of the month at the selected time.
    • Week of Month: The scan repeats monthly on the week you begin the scan. For example, if you select a start date of October 3rd, and that falls on the first week of the month, then the scan repeats the first week of each subsequent month at the selected time.

    Note: If you schedule your scan to recur monthly and by time and day of the month, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (e.g., the 29th), Tenable Vulnerability Management cannot run the scan on those days.

  • Yearly: Schedule the scan to occur every year, by time and day, up to 20 years.

Starts

varies

Specifies the exact date and time at which a scan launches.

Note: If you schedule an excessive number of scans to run concurrently, you may exhaust the scanning capacity on Tenable Web App Scanning. If necessary, Tenable Web App Scanning staggers concurrent scans to ensure consistent scanning performance.

The starting date defaults to the date you create the scan. The starting time is the next hour interval, displayed in 24-hour clock format. For example, if you create your scan on October 31, 2019 at 9:12 PM, the default starting date and time is 10/31/2019 and 22:00.

Timezone

varies

The time zone of the value set for Starts.

Notifications

The notification settings for a scan.

Setting Default Value Description
Email Recipient(s) None Specifies zero or more email addresses, separated by commas, whitespace, or new lines that are alerted when a scan completes and the results are available.

User Permissions

Share the scan or user-defined scan template with other users by setting permissions for users. For more information on adding or editing user permissions, see Set Scan Permissions.

Permission Description
No Access (Default) Users set to this permission cannot interact with the scan in any way.
Can View Users set to this permission can view the results of the scan.
Can Control In addition to the tasks allowed by Can View, users with this permission can launch and stop a scan. They cannot view or edit the scan configuration or delete the scan.
Can Configure In addition to the tasks allowed by Can Control, users with this permission can view the scan configuration and modify any setting for the scan except scan ownership. They can also delete the scan.

Data Sharing

Setting Default Value Description
Scan Results Show in dashboard Specifies whether the results of the scan should be kept private or appear on your Dashboard and Findings pages. When set to Keep private, the scan results Last Seen dates do not update and you must access the scan directly to view the results.