In active scanning, the scanner sends packets to a remote target to provide a snapshot of network services and applications. Tenable.sc compares this data to a plugin database to determine if any vulnerabilities are present. Tenable.sc can also use a scanner located outside the local network to simulate what an external entity might see.
For more information about supported active scanner types (Nessus and Tenable.io deployments) in Tenable.sc, see Nessus Scanners.
You can use credentialed Nessus scans, a type of active scanning, to perform highly accurate and rapid patch, configuration, and vulnerability audits on Unix, Windows, Cisco, and database systems by actually logging in to the target system with provided credentials. Credentialed scans can also enumerate all UDP and TCP ports in just a few seconds. Tenable.sc can manage these credentials securely across thousands of different systems and also share the results of these audits only with users who need to access them.
To fully configure active scans using a Nessus or Tenable.io scanner:
If you are configuring a Nessus scanner (not a Tenable.io deployment), configure scanning in Nessus, as described in Scans in the Nessus User Guide.
Note: For information about credentialed scanning in Nessus, see Credentialed Checks in the Nessus User Guide.
- Add the Nessus scanner or your Tenable.io deployment in Tenable.sc, as described in Nessus Scanners.
- Add a scan zone in Tenable.sc, as described in Add a Scan Zone.
- Add a repository for the scan data in Tenable.sc, as described in Add a Repository.
Create active scan objects in Tenable.sc, as described in:
- Add an active scan in Tenable.sc, as described in Add an Active Scan.
What to do next:
- View scan results, as described in Scan Results.
- View vulnerability data by IP address, as described in Vulnerability Analysis.
Special Active Scans
If you experience issues with an active scan, Tenable Support may ask you to run a diagnostic scan to assist with troubleshooting. After Tenable.sc runs the diagnostic scan, download the diagnostic file and send it to Tenable Support.
For more information, see Run a Diagnostic Scan.
You can run a remediation scan to run a followup active scan against existing active scan results. A remediation scan evaluates a specific plugin against a specific target or targets where the related vulnerability was present in your earlier active scan.
For more information, see Launch a Remediation Scan.