Target Groups

You can still use target groups to manage your scan targets. However, Tenable recommends that you instead use tags to group and scan your assets when possible. In the future, when tagging features and options match those currently available in target groups, Tenable will convert your target groups into tags and retire your existing target groups. No action is required on your part, and Tenable will provide you with 60 calendar days' notice before converting and retiring your target groups. For more information, contact your Tenable representative.

Overview

A target group is a reusable, centralized list of scan targets defined by IP addresses, IP ranges, CIDR blocks, or Fully Qualified Domain Names (FQDNs).

Target groups allow you to define a scope once (for example, "DMZ Servers") and share it with multiple users for use in scan configurations and dashboard filtering.

For steps on creating, editing, or deleting target groups, see Manage Target Groups.

Key Concepts

  • Centralized Management — Instead of manually typing the same IP ranges into multiple scan configurations, you update the target group once. All scans that reference that group automatically inherit the changes.

  • Permissions and Access Control — Target groups function as a list of text strings, not a grant of scanning authority. To successfully scan the assets in a target group, a user requires two permissions:

    • Permission for the target group — Allows the user to select the group in a scan configuration.

    • Can Scan permission (via access groups) — Allows the user to scan the specific targets in the group.

Caution: If a user has permission to use the "DMZ" target group but their access group only allows them to scan the "Office LAN," the scan launches, but returns no results for the DMZ assets. Tenable Vulnerability Management automatically excludes targets that the user is not authorized to scan.
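
Because excluded targets produce no results rather than an error, it helps to compare a target group with the user's scannable ranges before launching a scan. The following Python is an added example, not Tenable code or a Tenable API: it models the exclusion rule locally, and the function names, the hyphenated first-last range syntax, and the sample addresses are assumptions.

```python
import ipaddress

def parse_target(entry):
    """Networks for an IP, range or CIDR entry; None for anything else (FQDN)."""
    try:
        if "-" in entry:  # assumed range syntax: first-last
            first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            return list(ipaddress.summarize_address_range(first, last))
        return [ipaddress.ip_network(entry.strip(), strict=False)]
    except (ValueError, TypeError):
        return None

def preflight(target_group, can_scan):
    """Classify each target-group entry against the ranges the user may scan."""
    raw = [n for e in can_scan for n in (parse_target(e) or [])]
    # Collapse per IP version so the allowed networks are disjoint.
    allowed = [n for v in (4, 6)
               for n in ipaddress.collapse_addresses([r for r in raw if r.version == v])]
    report = {"in_scope": [], "partial": [], "excluded": [], "unverified": []}
    for entry in target_group:
        nets = parse_target(entry)
        if nets is None:
            report["unverified"].append(entry)  # FQDN: resolve it before judging
            continue
        total = sum(n.num_addresses for n in nets)
        # Networks either nest or are disjoint, so the overlap is the smaller one.
        covered = sum(min(n.num_addresses, a.num_addresses)
                      for n in nets for a in allowed if n.overlaps(a))
        key = "in_scope" if covered == total else "partial" if covered else "excluded"
        report[key].append(entry)
    return report

# Constructed sample data, not taken from any real environment.
DMZ_GROUP = ["203.0.113.0/28", "198.51.100.10", "198.51.100.20-198.51.100.25",
             "10.20.0.0/23", "portal.example.com"]
OFFICE_CAN_SCAN = ["10.20.0.0/24", "198.51.100.16/28"]

if __name__ == "__main__":
    for status, entries in preflight(DMZ_GROUP, OFFICE_CAN_SCAN).items():
        print(f"{status:10} {entries}")
```

Entries reported as excluded or partial are the ones a scan would return no results, or incomplete results, for under that user's access group.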

Constraints and Best Practices

  • Dashboard Filtering — You can filter dashboard views using target groups. However, avoid creating groups with large numbers of individual, non-contiguous targets. This can cause dashboard timeouts.

  • CIDR Notation — When defining targets by subnet, use standard CIDR notation (for example, 192.168.1.0/24).