Active Scans

In active scanning, the scanner sends packets to a remote target to provide a snapshot of network services and applications. compares this data to a plugin database to determine if any vulnerabilities are present. can also use a scanner located outside the local network to simulate what an external entity might see.

For more information about supported active scanner types (Nessus and deployments) in, see Nessus Scanners.

You can use credentialed Nessus scans, a type of active scanning, to perform highly accurate and rapid patch, configuration, and vulnerability audits on Unix, Windows, Cisco, and database systems by actually logging in to the target system with provided credentials. Credentialed scans can also enumerate all UDP and TCP ports in just a few seconds. can manage these credentials securely across thousands of different systems and also share the results of these audits only with users who need to access them.

For more information, see Manage Active Scans and Active Scan Settings.

To fully configure active scans using a Nessus or scanner:

  1. If you are configuring a Nessus scanner (not a deployment), configure scanning in Nessus, as described in Scans in the Nessus User Guide.

    Note: For information about credentialed scanning in Nessus, see Credentialed Checks in the Nessus User Guide.

  2. Add the Nessus scanner or your deployment in, as described in Nessus Scanners.
  3. Add a scan zone in, as described in Add a Scan Zone.
  4. Add a repository for the scan data in, as described in Add a Repository.
  5. Create active scan objects in, as described in:

    1. Add a Template-Based Asset or Add a Custom Asset.
    2. Add Credentials.
    3. Add a Template-Based Audit File or Add a Custom Audit File.
    4. Add a Scan Zone.
    5. Add a Scan Policy.
  6. Add an active scan in, as described in Add an Active Scan.

What to do next:

Special Active Scans

Diagnostic Scans

If you experience issues with an active scan, Tenable Support may ask you to run a diagnostic scan to assist with troubleshooting. After runs the diagnostic scan, download the diagnostic file and send it to Tenable Support.

For more information, see Run a Diagnostic Scan.

Remediation Scans

You can run a remediation scan to run a followup active scan against existing active scan results. A remediation scan evaluates a specific plugin against a specific target or targets where the related vulnerability was present in your earlier active scan.

For more information, see Launch a Remediation Scan.