Discovery Scans vs. Assessment Scans
You can perform two types of scans using Tenable products: discovery scans and assessment scans. Tenable recommends performing discovery scans to get an accurate picture of the assets on your network and assessment scans to understand the vulnerabilities on your assets.
For information about how discovered and assessed assets are counted towards your license, see Tenable Vulnerability Management Licenses.
Type | Description | Licensing |
---|---|---|
Discovery scans |
Find assets on your network. For example:
For a demonstration on how to create discovery scans, see the following video:
|
Assets identified by discovery scans do not count toward your license. |
Assessment scans |
Find vulnerabilities on your assets. For example, run an authenticated or unauthenticated scan using a Tenable Nessus scanner or Tenable Nessus Agent. Authenticated Scans Configure authenticated scans, also known as credentialed scans, by adding access credentials to your assessment scan configuration. Credentialed scans can perform a wider variety of checks than non-credentialed scans, which can result in more accurate scan results. This facilitates scanning of a very large network to determine local exposures or compliance violations. Credentialed scans can perform any operation that a local user can perform. The level of scanning depends on the privileges granted to the user account. The more privileges the scanner has via the login account (e.g., root or administrator access), the more thorough the scan results. For more information, see Credentials in Tenable Vulnerability Management Scans. Unauthenticated Scans If you do not add access credentials to your assessment scan configuration, Tenable Vulnerability Management performs a limited number of checks when scanning your assets. |
In general, assets assessed by assessment scans count toward your license. |