Create a Tenable Vulnerability Management Scan

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

In Tenable Vulnerability Management, you can create discovery, assessment, and agent scans using scan templates. For general information about templates and settings, see Scan Templates and Settings.

For a demonstration on creating and launching a basic scan, see the following video:

When you create a scan, Tenable Vulnerability Management assigns you owner permissions for the scan.

Tip: To quickly target specific vulnerabilities that previous scans have identified on your assets, create a remediation scan.

Note: PCI Quarterly External scan data is intentionally excluded from dashboards, reports, and workbenches. This is due to the scan's paranoid nature, which may lead to false positives that would otherwise not be detected. For more information, see Tenable PCI ASV Scans.

Before you begin:

  • View Tenable Vulnerability Management scan limitations.
  • If you want to create a scan from a user-defined template, create a user-defined template as described in Create a User-Defined Template.
  • Create an access group for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.

To create a scan:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, in the Vulnerability Management section, click Scans.

    The Scans page appears.

    Note: You can also directly access the Create a Scan page via the Discover and Assess page.

  3. In the upper-right corner of the page, click Create a Scan.

    The Select a Scan Template page appears.

  4. Click the Nessus Scanner, Nessus Agent, or User Defined tab to view available templates for your scan.

    The tab appears.

    Note: Users with Scan Operator permissions can see and use only the user-defined templates that are shared with their account.

    Tip: For information about creating Tenable Web App Scanning scans, see Create a Tenable Web App Scanning Scan.

  5. Click the tile for the template you want to use for your scan.

    The Create a Scan page appears.

  6. Configure the scan:

    Tab Action
    Settings

    Configure the settings available in the scan template.

    • Basic Settings — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan.
    • Discovery Settings — Specifies how a scan performs discovery and port scanning.
    • Assessment Settings — Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications.
    • Report Settings — Specifies whether the scan generates a report.
    • Advanced Settings — Specifies advanced controls for scan efficiency.
    Credentials

    Specify credentials you want Tenable Vulnerability Management to use to perform a credentialed scan.
    Compliance/SCAP Specify the platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file.
    Plugins Select security checks by plugin family or individual plugin.

  7. Do one of the following:

    • If you want to save without launching the scan, click Save.

      Tenable Vulnerability Management saves the scan.

    • If you want to save and launch the scan immediately, click Save & Launch.

      Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

      Tenable Vulnerability Management saves and launches the scan.