Preconfigured Assessment Settings

Certain Tenable-provided Tenable Nessus templates include preconfigured assessment settings, described in the following table. The preconfigured assessment settings are determined by both the template and the Mode that you select.

Template Mode Preconfigured Settings
Vulnerability Scans (Common)
Advanced Network Scan All defaults
Basic Network Scan Default
  • General Settings:
    • Avoid false alarms
    • Disable CGI scanning
  • Web Applications:
    • Disable web application scanning

Scan for known web vulnerabilities

  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Generic web application tests disabled
Scan for all web vulnerabilities (quick)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 5 minutes (max)
Scan for all web vulnerabilities (complex)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
    • Perform thorough tests
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 10 minutes (max)
    • Try all HTTP methods
    • Attempt HTTP Parameter Pollution
Custom

All defaults

Credentialed Patch Audit All defaults
Host Discovery
Internal PCI Network Scan Default
  • General Settings:
    • Avoid false alarms
    • Disable CGI scanning
  • Web Applications:
    • Disable web application scanning

Scan for known web vulnerabilities

  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Generic web application tests disabled
Scan for all web vulnerabilities (quick)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 5 minutes (max)
Scan for all web vulnerabilities (complex)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
    • Perform thorough tests
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 10 minutes (max)
    • Try all HTTP methods
    • Attempt HTTP Parameter Pollution
Custom

All defaults

Legacy Web App Scan

Scan for known web vulnerabilities

  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Generic web application tests disabled
Scan for all web vulnerabilities (quick) (Default)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 5 minutes (max)
Scan for all web vulnerabilities (complex)
  • General Settings:
    • Avoid potential false alarms
    • Enable CGI scanning
    • Perform thorough tests
  • Web Applications:
    • Start crawling from "/"
    • Crawl 1000 pages (max)
    • Traverse 6 directories (max)
    • Test for known vulnerabilities in commonly used web applications
    • Perform each generic web app test for 10 minutes (max)
    • Try all HTTP methods
    • Attempt HTTP Parameter Pollution
Custom

All defaults

Mobile Device Scan
PCI Quarterly External Scan
Configuration Scans    
Audit Cloud Infrastructure
MDM Config Audit
Offline Config Audit
Policy Compliance Auditing
SCAP and OVAL Auditing
Tactical Scans
Badlock Detection Web Crawler defaults
Bash Shellshock Detection Web Crawler defaults

DROWN Detection

Intel AMT Security Bypass
Malware Scan Malware defaults
Shadow Brokers Scan
Spectre and Meltdown Detection  
WannaCry Ransomware Detection