Manage Target Groups

Use the following procedures to manage your target groups. For more general information on target groups, see Target Groups.

Create a Target Group

System target groups:

Required User Role: Administrator

User target groups:

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

To create a target group in the new interface:

In the left navigation, click Settings.

The Settings page appears.
Click the Target Groups tile.

The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.
If you want to edit a user target group, click User. Otherwise, stay on the System target groups tab.
In the upper-right corner of the page, click the Create Target Group button.

The Create a Target Group page appears.

Configure the General settings:

Setting	Description
Name	A name for the target group.
Targets	A comma-separated list of FQDNs, CIDR notation, or IP address ranges that you want to scan. Note: Scan targets listed by CIDR notation must be in one of the following formats: xx.xx.0.0/16 xx.xx.xx.0/24 Note: For the IP address range format (example: 192.168.0.1-192.168.0.255 ), Tenable Vulnerability Management supports a maximum count of "-" to 1023.
Upload Targets	A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan. The system adds the uploaded targets to the Targets box after you save the target group.

Setting

Description

Name

A name for the target group.

Targets

A comma-separated list of FQDNs, CIDR notation, or IP address ranges that you want to scan.

Note: Scan targets listed by CIDR notation must be in one of the following formats:

xx.xx.0.0/16
xx.xx.xx.0/24

Note: For the IP address range format (example: 192.168.0.1-192.168.0.255 ), Tenable Vulnerability Management supports a maximum count of "-" to 1023.

Upload Targets

A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan.

The system adds the uploaded targets to the Targets box after you save the target group.

Configure the user permissions for the group.
Note: If you grant a user permissions in a target group, the user can use the target group in the Target Groups option for scan configurations. However, you must also grant the user Can Scan permissions in an access group for the targets, or Tenable Vulnerability Management excludes the targets from the scan results. For more information, see Access Groups.
Click Save.

One of the following occurs:
- If you configured user permissions for the target group, Tenable Vulnerability Management creates the target group and adds it to the table on the Target Groups page.
- If you retained the default No Access permissions for the target group, a confirmation window appears.
  
  In response, do one of the following:
  - If the default configuration is appropriate for the target group, click Continue to confirm your action.
  - If the default configuration is not appropriate for the target group, click Cancel to return to user permissions configuration for the target group.

Edit a Target Group

System target groups:

Required User Role: Administrator

Required Target Group Permissions: Any

User target groups:

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Required Target Group Permissions: Can Change

Note: System target groups and related functionality asset isolation are deprecated. To control scan permissions, use access groups instead.

You can still create and edit system target groups, as well as use system target groups in scan configurations and dashboard filters. However, Tenable recommends using user target groups instead.

To edit a target group in the new interface:

In the left navigation, click Settings.

The Settings page appears.
Click the Target Groups tile.

The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.
If you want to edit a user target group, click User. Otherwise, stay on the System target groups tab.
In the target groups table, click the target group you want to edit.
The Update a Target Group page appears.

Edit the General settings for the target group:

Setting	Description
Name	A name for the target group.
Targets	A comma-separated list of FQDNs, CIDR notation, or IP address ranges that you want to scan.
Upload Targets	A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan. The system adds the uploaded targets to the Targets box after you save the target group.

Setting

Description

Name

A name for the target group.

Targets

A comma-separated list of FQDNs, CIDR notation, or IP address ranges that you want to scan.

Upload Targets

A text file containing a comma-separated list of FQDNs or IP address ranges that you want to scan.

The system adds the uploaded targets to the Targets box after you save the target group.

Configure user permissions for the target group.
Click Save.

A confirmation window appears.
In the confirmation window, click Continue.

Tenable Vulnerability Management saves the changes to the target group.

Configure User Permissions for a Target Group

System target groups:

Required User Role: Administrator

Required Target Group Permissions: Any

User target groups:

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Required Target Group Permissions: Can Change

Note: For auditing cloud infrastructure, Tenable Vulnerability Management requires a target group with Can Scan permissions to be present on 127.0.0.1.

Note: To enable the user to use a target group in the Target Groups option for scan configurations, you must also grant the user Can Scan permissions in an access group for the targets. If you do not, Tenable Vulnerability Management excludes the targets from the scan results. For more information, see Access Groups.

To configure permissions for a target group:

Create or edit a target group.
In the User Permissions section, do one of the following:
- Change the permissions for the Default user.
  
  Note: The Default user represents any users that have not been specifically added to the target group.
  1. Next to the permission drop-down for the Default user, click the button.
  2. Select a permissions level.
  3. Click Save.
- Add permissions.
  1. Next to User Permissions, click the button.
    
    The Add User Permission plane appears.
  2. In the Add users or groups box, type the name of a user or group.
    
    As you type, a filtered list of users and groups appears.
  3. Select a user or group from the search results.
    The selected user or group appears in the list of users and groups.
    By default, Tenable Vulnerability Management assigns Can Use permissions to the new user or group.
  4. Next to the permission drop-down for the user or group, click the button.
  5. Select a permissions level.
  6. Click Save.
- Edit permissions.
  1. Next to the permission drop-down for the user or group, click the button.
  2. Select a permissions level.
  3. Click Save.
- Delete permissions.
  1. In the list of users, roll over the user or group you want to delete.
  2. Click the button next to the user or user group.
    
    The user or group disappears from the permissions list.
  3. Click Save.

Import a Target Group

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

You can import a target group as a .csv file.

Tip: To create or modify the .csv file, Tenable recommends using a robust editor such as Microsoft Excel.

Before you begin:

Create a .csv file in the specified format.

To import a target group:

In the left navigation, click Settings.

The Settings page appears.
Click the Target Groups tile.

The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.
If you want to import a user target group, click User. Otherwise, stay on the System target groups page.
Note: System target groups and related functionality asset isolation are deprecated. To control scan permissions, use access groups instead.
You can still create and edit system target groups, as well as use system target groups in scan configurations and dashboard filters. However, Tenable recommends using user target groups instead.
In the upper-right corner of the page, click the Import button.

Your operating system's file manager appears.
Select a .csv file to import.

Tenable Vulnerability Management imports the file and adds the target groups to the target groups box.

Target Group Import File Format

Each line of the target group import file must have the following fields:

Field Name	Description
`id`	Numeric field used to identify the target group.
`name`	Field used to identify the name of the target group. You can use any combination of alphanumeric characters or symbols in the name field.
`members`	Field used to identify the host address or addresses to include in the target group.
`creation_date`	Numeric field in UNIX timestamp format.
`last_modification_date`	Numeric field in UNIX timestamp format.

Export a Target Group

Required Tenable Vulnerability Management User Role: Standard, Scan Manager, or Administrator

Required Target Group Permissions: Can Use

You can export a target group as a .csv file. Depending on your browser, the target group may download automatically.

To export a target group or groups in the new interface:

In the left navigation, click Settings.

The Settings page appears.
Click the Target Groups tile.

The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.
If you want to export a user target group, click User. Otherwise, stay on the System target groups tab.
Note: System target groups and related functionality asset isolation are deprecated. To control scan permissions, use access groups instead.
You can still create and edit system target groups, as well as use system target groups in scan configurations and dashboard filters. However, Tenable recommends using user target groups instead.
Select the target group or groups you want to export.
- Select a single target group.
  1. In the target groups table, roll over the target group you want to export.
    
    The action buttons appear in the row.
  2. In the row, click the button.
    
    Tenable Vulnerability Management automatically exports the target group or groups you selected as a single .csv file.
- Select multiple target groups.
  1. In the target groups table, select the check boxes for each target group you want to export.
    The action bar appears at the bottom of the page.
  2. Next to Target Groups, click the button.

Target Group Export File Header Fields

The following table describes the headers that appear in the exclusion export file.

Field Name	Description
id	Numeric identifier for the target group.
name	Alphanumeric name of the target group.
members	Host address(es) to be included in the target group.
creation_date	Date (in UNIX timestamp format) when the target group was created.
last_modification_date	Date (in UNIX timestamp format) when the target group was last modified.

Delete a Target Group

System target groups:

Required User Role: Administrator

Required Target Group Permissions: Any

User target groups:

Required Tenable Vulnerability Management User Role: Scan Operator, Standard, Scan Manager, or Administrator

Required Target Group Permissions: Can Change

To delete a target group in the new interface:

In the left navigation, click Settings.

The Settings page appears.
Click the Target Groups tile.

The Target Groups page appears. By default, the System tab is active. This tab contains a table of system target groups.
If you want to delete a user target group, click User. Otherwise, stay on the System target groups tab.
Select the target group or groups you want to delete:
- Select a single target group.
  1. In the target groups table, roll over the target group you want to delete.
    
    The action buttons appear in the row.
  2. In the row, click the button.
    
    A confirmation window appears.
- Select multiple target groups.
  1. In the target groups table, select the check box for each target group you want to delete.
    
    The action bar appears at the bottom of the page.
  2. In the action bar, click the button.
    
    A confirmation window appears.
In the confirmation window, click Delete.

Tenable Vulnerability Management deletes the target group or groups you selected.

Target Group Permissions

The following table describes user permissions for both system and user target groups.

Permission	Description
System Target Group
No Access	(Default user only) Users assigned this permission cannot use the system target group to filter dashboards.
Can Use	Note: System target groups are deprecated; Tenable recommends using user target groups instead. Users assigned this permission can use hosts in the user target groups to filter dashboards and configure scans. Note: To enable the user to use a target group in the Target Groups option for scan configurations, you must also grant the user Can Scan permissions in an access group for the targets. If you do not, Tenable Vulnerability Management excludes the targets from the scan results. For more information, see Access Groups.
User Target Group
No Access	(Default user only) Users assigned this permission cannot configure scans for hosts in the user target group or use hosts in the user target group to filter dashboards.
Can Use	Users assigned this permission can use hosts in the user target groups to filter dashboards and configure scans. Note: To enable the user to use a target group in the Target Groups option for scan configurations, you must also grant the user Can Scan permissions in an access group for the targets. If you do not, Tenable Vulnerability Management excludes the targets from the scan results. For more information, see Access Groups.
Can Change	In addition to using hosts in this user target group when configuring scans and filtering dashboards, users assigned this permission can modify any setting for the target group except permissions.