Preconfigured Discovery Settings

Certain Tenable-provided scanner templates include preconfigured discovery settings, described in the following table. The preconfigured discovery settings are determined by both the template and the Scan Type that you select.

Template Scan Type Preconfigured Settings
Vulnerability Scans (Common)
Advanced Network Scan All defaults
Basic Network Scan Port scan (common ports) (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan common ports
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Port scan (all ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan all ports (1-65535)
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Custom

All defaults

Credentialed Patch Audit Port scan (common ports) (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan common ports
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Port scan (all ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan all ports (1-65535)
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Custom

All defaults

Host Discovery

Host enumeration (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
OS Identification

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP
Port scan (common ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan common ports
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Port scan (all ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan all ports (1-65535)
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Custom

All defaults

Internal PCI Network Scan Port scan (common ports) (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan common ports
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Port scan (all ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan all ports (1-65535)
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Custom

All defaults

Legacy Web App Scan

Port scan (common ports) (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan common ports
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Port Scan (all ports)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery
  • Port Scanner Settings:
    • Scan all ports (1-65535)
    • Use netstat if credentials are provided
    • Use SYN scanner if necessary

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)

Custom

All defaults

Mobile Device Scan
PCI Quarterly External Scan Scan unresponsive hosts default
Configuration Scans    
Audit Cloud Infrastructure
MDM Config Audit
Offline Config Audit
Policy Compliance Auditing

Default (default)
  • General Settings:
    • Ping the remote host
    • Always test the local Tenable Nessus host

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Custom

All defaults

SCAP and OVAL Auditing

Host enumeration (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)
Custom

All defaults

Tactical Scans
Badlock Detection

Quick

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan TCP ports 23, 25, 80, and 443
    • Detect SSL/TLS on ports where it is commonly used
Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports
Custom

All defaults

Bash Shellshock Detection

Quick

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan TCP ports 23, 25, 80, and 443
    • Detect SSL/TLS on ports where it is commonly used

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Custom

All defaults

DROWN Detection

Quick

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan TCP ports 23, 25, 80, and 443
    • Detect SSL/TLS on ports where it is commonly used
Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used

Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports
Custom

All defaults

Intel AMT Security Bypass Quick

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan TCP ports 16992, 16993, 623, 80, and 443
    • Detect SSL/TLS on ports where it is commonly used
Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports
Custom

All defaults

Malware Scan Host enumeration (default)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)

Host enumeration (include fragile hosts)

  • General Settings:

    • Always test the local Nessus host
    • Use fast network discovery

  • Ping hosts using:

    • TCP
    • ARP
    • ICMP (2 retries)

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Custom

All defaults

Shadow Brokers Scan Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports

  • Scan all devices, including:

    • Printers
    • Novell Netware hosts
Custom

All defaults

Spectre and Meltdown Detection Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports
Custom

All defaults

WannaCry Ransomware Detection Quick

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan TCP ports 139 and 445
    • Detect SSL/TLS on ports where it is commonly used
Normal (default)

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan the default Nessus port range
    • Detect SSL/TLS on ports where it is commonly used
Thorough

  • General Settings:

    • Ping the remote host
    • Always test the local Nessus host

  • Service Discovery Settings:

    • Scan all TCP ports
    • Detect SSL on all open ports
Custom

All defaults