Create a Scan

In Tenable Vulnerability Management, you can create scans using scan templates. For general information about templates and settings, see Scan Templates and Settings.

When you create a scan, Tenable Vulnerability Management assigns you owner permissions for the scan.

Tip: To quickly target specific vulnerabilities that previous scans have identified on your assets, create a Tenable Vulnerability Management remediation scan.

Note: Tenable Vulnerability Management excludes PCI Quarterly External scan data from dashboards, reports, and workbenches intentionally. This is due to the scan's paranoid nature, which may lead to false positives that Tenable Vulnerability Management would otherwise not detect. For more information, see Tenable PCI ASV Scans.

Note: If you are scanning a Linux machine with Tenable Vulnerability Management, the Linux machine's shell configuration file must have a PS1 variable of four or more characters (for example, PS1='\u@\h:~\$ '). Having a PS1 variable of less than four characters (for example, PS1='\$ ') can drastically increase the overall scan time.

For a demonstration on creating vulnerability scans, see the following video:

Before you begin:

  • (Optional) View Tenable Vulnerability Management scan limitations.
  • If you want to create a scan from a user-defined template, create a user-defined template as described in Create a User-Defined Template.
  • Create an access group for any targets you want to use in the scan and assign Can Scan permissions to the appropriate users.

To create a scan:

  1. In the left navigation, click Scans.

    The Scans page appears.

  2. Below Scans, choose to view Vulnerability Management Scans or Web Application Scans.

    This also determines whether you are creating a Tenable Vulnerability Management or Tenable Web App Scanning scan.

  3. In the upper-right corner of the page, click the Create a Scan button.

    The Select a Scan Template page appears.

  4. Do one of the following:

    • If you are creating a Tenable Vulnerability Management scan, use the following procedure:

      1. Click the Nessus Scanner, Nessus Agent, or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

      2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

      3. Configure the scan:

        Tab Action
        Settings

        Configure the settings available in the scan template.

        • Basic Settings — Specifies the organizational and security-related aspects of a scan template. This includes specifying the name of the scan, its targets, whether you want to schedule the scan, and who has permissions for the scan.
        • Discovery Settings — Specifies how a scan performs discovery and port scanning.
        • Assessment Settings — Specifies how a scan identifies vulnerabilities, as well as what vulnerabilities are identified. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications.
        • Report Settings — Specifies whether the scan generates a report.
        • Advanced Settings — Specifies advanced controls for scan efficiency.
        Credentials

        Specify credentials you want Tenable Vulnerability Management to use to perform a credentialed scan.

        Compliance/SCAP Specify the platforms you want to audit. Tenable, Inc. provides best practice audits for each platform. Additionally, you can upload a custom audit file.
        Plugins Select security checks by plugin family or individual plugin.
      4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable Vulnerability Management saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Note: If you are editing an imported scan, the Save & Launch option is not available.

          Tenable Vulnerability Management saves and launches the scan.

    • If you are creating a Tenable Web App Scanning scan, use the following procedure:

      1. Click the Web Application or User Defined tab to view available templates for your scan.

        The tab appears.

        Note: Users with Scan Operator permissions can see and use only the user-defined templates shared with their account.

      2. Click the tile for the template you want to use for your scan.

        The Create a Scan page appears.

      3. Configure the scan:

        Tab Action
        Settings Configure the settings available in the scan template. For more information, see Basic Settings in Tenable Web App Scanning Scans.
        Scope Specify the URLs and file types that you want to include in or exclude from your scan. For more information, see Scope Settings in Tenable Web App Scanning Scans.
        Assessment Specify how a scan identifies vulnerabilities and what vulnerabilities the scan identifies. This includes identifying malware, assessing the vulnerability of a system to brute force attacks, and the susceptibility of web applications. For more information, see Assessment Settings in Tenable Web App Scanning Scans.
        Advanced Specify advanced controls for scan efficiency.
        Credentials Specify credentials you want Tenable Vulnerability Management to use to perform a credentialed scan.
        Plugins Select security checks by plugin family or individual plugin.
      4. Do one of the following:

        • If you want to save without launching the scan, click Save.

          Tenable Vulnerability Management saves the scan.

        • If you want to save and launch the scan immediately, click Save & Launch.

          Note: If you scheduled the scan to run at a later time, the Save & Launch option is not available.

          Note: If you are editing an imported scan, the Save & Launch option is not available.

          Tenable Vulnerability Management saves and launches the scan.