Create a Scan

Required User Role: Standard, Scan Manager, or Administrator

To create a scan:

  1. In the top navigation bar, click the Scans button.

    The My Scans page appears.

  2. In the upper-right corner, click New Scan.

    The Scan Templates page appears.

  3. Click the Web Application tab.

    The Web Application templates appear.

  4. Select one of the following template types based on the scan you want to run:

    • Web App Overview — Run a high-level preliminary scan that determines which URLs in your web application that Web Application Scanning scans by default.

      Note: Tenable recommends that you run a Web Application Overview scan the first time you scan a web application. Based on the results, when you run a full Web App Scan, you can use the default settings or configure the template options to exclude certain URLs.

    • Web App Scan — Run a scan on your web application for vulnerabilities.
    • Legacy Web App Scan — Use a Nessus scanner to run a scan on your web application for vulnerabilities.

      Note: Unlike the Web Application Scanning scanner, the Nessus scanner does not use a browser to scan your web applications. Therefore, a Legacy Web App Scan is not as comprehensive as a Web App Scan.

    • PCI WAS Scan — Run a scan for PCI compliance.
  5. In the Name box, type a name for the scan.
  6. In the Targets box, type the web application target (hostname or fully-qualified domain name (FQDN)) for the web application you want to scan for the target you want to scan.

    Note: You can scan only one web application target per scan configuration.

  7. (Optional) To select a scanner other that the default scanner, in the Scanner drop-down box, select a new scanner. For more information, see Cloud Scanners.
  8. (Optional) To modify your scan settings, configure the options in the scan template.
  9. Depending on when you want to launch your scan, do one of the following:

    Note: If you schedule an excessive number of scans to run concurrently, you may exhaust the scanning capacity on Web Application Scanning. If necessary, staggers concurrent scans to ensure consistent scanning performance.

    • If you want to launch the scan later, click Save. Web Application Scanning saves your scan.

    • If you want to launch the scan immediately:

      1. Click the Save drop-down button.
      2. Click Launch. Web Application Scanning queues the scan to launch.