Manage Scanner Groups

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Use the following procedures to manage your scanner groups. For general information about scanner groups, see Scanner Groups.

Create a Scanner Group

To create a scanner group:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  3. Click Add Scanner Group.

    The Add Scanner Group plane appears.

  4. In the Group Name field, type a name for the group.
  5. (Optional) In the Targets for Scan Routing box, type a comma-separated list of scan routing targets.

    Targets in the list must be in the supported formats.

    This list specifies the targets that scanners in this scanner group can scan if a scan is configured to use the Auto-Select scanner. For more information, see Example: Scan Routing.

    Note: You can specify up to 10,000 individual scan routing targets for an individual scanner group. For example, 192.168.0.1, example.com, *.example.net, 192.168.0.0/24 specifies four scan routing targets. To condense a scan routing target list, Tenable recommends using wildcard and range formats, instead of individual IP addresses.

  6. (Optional) Configure user permissions for a scanner group.

    By default, in any new scanner group, Tenable Vulnerability Management assigns the system-generated All Users group Can Use permissions.

  7. Click Save.

    If Targets for Scan Routing specifies more than the maximum number of targets, an error message appears. Condense the scan routing targets by using wildcard and range formats instead of individual IP addresses, then try again to save the scanner group.

    In all other cases, the new group appears in the Scanner Groups list.

Edit a Scanner Group

To edit a scanner group:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  3. (Optional) Search the table for the group you want to modify. For more information, see Tables.
  4. In the scanner group table, do one of the following:
    • In the Actions column of the scanner group you want to modify, click the button.

      The action options appear in the row.

    • Right-click the scanner group you want to modify.

      The action options appear next to your cursor.

  5. Click Edit.

    The Edit Scanner Group plane appears.

  6. Modify any of the following settings:

    Setting | Action
    Name | Type a new name.
    User and Group Permissions | Configure user permissions for the scanner group.
  7. (Optional) In the Targets for Scan Routing box, type a comma-separated list of scan routing targets.

    Targets in the list must be in the supported formats.

    This list specifies the targets that scanners in this scanner group can scan if a scan is configured to use the Auto-Select scanner. For more information, see Example: Scan Routing.

    Note: You can specify up to 10,000 individual scan routing targets for an individual scanner group. For example, 192.168.0.1, example.com, *.example.net, 192.168.0.0/24 specifies four scan routing targets. To condense a scan routing target list, Tenable recommends using wildcard and range formats, instead of individual IP addresses.

  8. Click Save.

    If Targets for Scan Routing specifies more than the maximum number of targets, an error message appears. Condense the scan routing targets by using wildcard and range formats instead of individual IP addresses, then try again to save the scanner group.

    In all other cases, Tenable Vulnerability Management updates the scanner group with your changes.
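The Note in the create and edit procedures above recommends condensing a scan routing target list to stay under the 10,000-target limit. The following Python is an added example, not Tenable code: it merges individual addresses into CIDR blocks (the 192.168.0.0/24 form shown in the Note) and counts the result against the limit. The names condense_targets, routing_field, MAX_ROUTING_TARGETS and SAMPLE_TARGETS are hypothetical, and the choice of CIDR as the condensed form is an assumption.

```python
import ipaddress

MAX_ROUTING_TARGETS = 10_000  # per-group limit stated in the Note above

def condense_targets(raw):
    """Collapse IPs and CIDR blocks in a comma-separated target list.

    Merging is exact: the condensed list covers the same addresses as the
    input, so the scanner group's routing scope is never widened.
    """
    nets = {4: [], 6: []}
    other = {}  # hostnames, wildcards, ranges: kept verbatim, de-duplicated
    for item in (t.strip() for t in raw.split(",")):
        if not item:
            continue
        try:
            # strict=True: entries with host bits set, such as 10.0.0.5/24,
            # are kept verbatim rather than rounded to a larger block
            net = ipaddress.ip_network(item, strict=True)
        except ValueError:
            other[item] = None
            continue
        nets[net.version].append(net)
    out = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        for net in ipaddress.collapse_addresses(nets[version]):
            single = net.num_addresses == 1
            out.append(str(net.network_address) if single else str(net))
    return out + list(other)

def routing_field(raw):
    """Return the condensed comma-separated string, or raise if over the limit."""
    targets = condense_targets(raw)
    if len(targets) > MAX_ROUTING_TARGETS:
        raise ValueError(
            f"{len(targets)} targets after condensing; limit is {MAX_ROUTING_TARGETS}")
    return ", ".join(targets)

# Constructed sample: the four targets from the Note plus 256 individual addresses
SAMPLE_TARGETS = "192.168.0.1, example.com, *.example.net, 192.168.0.0/24, " + ", ".join(
    f"10.0.0.{i}" for i in range(256))

if __name__ == "__main__":
    print(routing_field(SAMPLE_TARGETS))
```

Review the condensed string before pasting it into the Targets for Scan Routing box; entries the script could not parse as an IP address or CIDR block are passed through unchanged.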

Assign Scanners to a Scanner Group

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Settings.

    The Settings page appears.

  3. Click the Sensors tile.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  4. (Optional) For Tenable Web App Scanning, click the Web App Scanners tab.

    The Web App Scanners tab appears and Linked Scanners is selected in the drop-down box.

  5. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  6. In the scanner groups table, click the row of the scanner group where you want to add scanners.

    The Group Details page appears.

  7. Click Assign Scanners.

    The Assign Scanner page appears.

  8. (Optional) Search the table for the scanner you want to assign. For more information, see Tables.
  9. In the scanners table, select the check boxes next to the scanner or scanners you want to add to the scanner group.
  10. Click Assign.

    If the assignment is successful, Tenable Vulnerability Management adds the scanner to the scanner group, and the Group Details page appears.
    If Tenable Vulnerability Management encounters any problems during processing, the Assign Scanners page remains active, and one of the following messages appears in the Assignment column of the affected scanner:

    Possible Error Messages | Action
    This sensor already exists in the scanner group. | Click Cancel to close the page.
    An error occurred adding this sensor to the scanner group. | Click Assign again. If the processing still fails, contact Tenable Support.

Configure User Permissions for a Scanner Group

You can configure scanner group permissions for individual users or a user group. If you configure scanner group permissions for a user group, you assign all users in that group the same permissions. For more information, see User Groups.

Important! Scanner group permissions do not override existing individual scanner permissions. For example, if you add a scanner with Can Use permissions to a scanner group with Can Manage permissions, that scanner retains its Can Use permissions.

You can assign the following scanner group permissions to a user or user group:

  • No Access — (All Users user group only) No users (except for users or groups you specifically assign permissions) can use the scanner group in scan configurations.
  • Can Use — The user or user group can use the scanner group in scan configurations. The user or user group (assuming they have the Scan Manager or Administrator user role) can view but not edit the scanner group configuration.
  • Can Manage — The user or user group can use the scanner group in scan configurations. The user or user group (assuming they have the Scan Manager or Administrator user role) can view and edit the scanner group configuration.

    Note: All users with the Scan Manager user role have Can Manage permissions for scanner groups, regardless of the scanner group permission they are assigned.

To configure user permissions for a scanner group:

  1. Create or edit a scanner group.
  2. During scanner group configuration, in the Users & Groups section, do any of the following:
    • Edit permissions for the All Users user group.

      1. Next to the permission drop-down for the All Users group, click the button.

      2. Select a permissions level.
    • Add a user or user group to the scanner group.

      1. In the User & Groups heading, click the Add button.

        The Add Users & Group plane appears.

      2. In the Search field, type or click the drop-down to find and add a user or group.

        Tip: Tenable recommends assigning permissions to user groups, rather than individual users, to minimize maintenance as individual users leave or join your organization.

        Added users and groups appear below the Search field.

      3. Click the Add button.

        The scanner group plane appears.

        By default, Tenable Vulnerability Management assigns the added user or user group Can Use permissions.

    • Edit permissions for an existing user or user group.

      1. Next to the permissions drop-down for the user or user group you want to edit, click the button.

      2. Select a permissions level.
    • Remove a user or user group from the scanner group.

      1. Roll over the user or group you want to remove.

      2. Click the Delete button next to the user or user group.

        The user or group disappears from the Users & Groups list.

  3. Click Save.

    Tenable Vulnerability Management saves your changes to the scanner group.

Delete a Scanner Group

To delete one or more scanner groups:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  3. In the scanner groups table, select one or more scanner groups to delete:

    Scope Action
    To delete a single scanner group
    1. In the scanner groups table, do one of the following:

      • Select the check box for the scanner group you want to delete.

        The action bar appears at the top of the table.

      • Right-click the scanner group you want to delete.

        The action options appear next to your cursor.

      • In the Actions column, click the button for the scanner group you want to delete.

        The action options appear in the row.

    2. Click Delete.

      A confirmation window appears.

    To delete multiple scanner groups
    1. In the scanner groups table, select the check boxes next to the scanner groups you want to delete.

      The action bar appears at the bottom of the page.

    2. In the action bar, click the Delete button.

      A confirmation window appears.

  4. In the confirmation window, click the Delete button.

    Tenable Vulnerability Management deletes the group or groups you selected.

Add a Sensor to a Scanner Group

Required Tenable Web App Scanning User Role: Scan Manager or Administrator

You can add the following types of sensors to a scanner group:

Sensor Type | Supported?
On-premises Tenable Nessus | yes
On-premises Tenable Web App Scanning | yes
Tenable Vulnerability Management cloud | no
Tenable Nessus sensor for Amazon Web Services (AWS) | no
Tenable Network Monitor (NNM) | no
Tenable Agent | no (see Agent Groups)

To add a sensor to one or more scanner groups:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. (Optional) Search for the scanner you want to add to a scanner group.

  3. Select the scanners you want to add and the groups you want to add the scanners to:

    Scope Action
    Add a single scanner to a group or groups
    1. In the scanner group table, do one of the following:

      • Right-click the sensor you want to add to a scanner group.

        The action options appear next to the cursor.

      • In the Actions column, click the button for the sensor you want to add to a scanner group.

        The action options appear in the row.

      • Select the check box for the sensor you want to add to a scanner group.

        Tenable Vulnerability Management enables Add selected to Groups in the action bar.

    2. Click Add to Groups.

      The Add to Groups plane appears.

    3. In the search box, type the name of the scanner group where you want to add the scanner.
    4. In the drop-down box of matching groups, click a group.
    5. (Optional) Repeat steps 3 and 4 to add additional scanner groups.
    Add multiple scanners to a group or groups
    1. In the scanner table, select the check boxes next to the scanners you want to add to scanner groups.

      The action bar appears at the bottom of the page.

    2. Click the Add selected to Groups button.

      The Add to Groups plane appears.

    3. In the search box, type the name of the scanner group where you want to add the scanner.
    4. In the drop-down list of matching groups, click a group.
    5. (Optional) Repeat steps 3 and 4 to add additional scanner groups.
  4. Click Save to save your changes.

    Tenable Vulnerability Management adds the scanner or scanners to the selected group or groups and closes the Add to Groups plane.

Remove a Sensor from a Scanner Group

Required Tenable Web App Scanning User Role: Scan Manager or Administrator

To remove a sensor from a scanner group:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  3. (Optional) Search the table for the group you want to modify. For more information, see Tables.

  4. In the scanner group table, click the scanner group you want to modify.

    The Group Details page appears. This page contains a table listing sensors assigned to this group.

  5. (Optional) Search for the sensor you want to remove. For more information, see Tables.

  6. Select the sensor or sensors you want to remove:
  7. Select the sensors you want to remove:

    Scope Action
    Remove a single sensor
    1. In the sensors table, do one of the following:

      • Right-click the sensor you want to remove.

        The action options appear next to your cursor.

      • In the Actions column, click the button for the sensor you want to remove.

        The action options appear in the row.

      • Select the check box for the sensor you want to remove.

        The action buttons appear at the top of the table.

    2. Click the Remove from Group button.

      A confirmation window appears.

    Remove multiple sensors
    1. In the sensors table, select the check box for each sensor you want to remove from the group.

      The action bar appears at the bottom of the page.

    2. In the action bar, click the Remove from Group button.

      A confirmation window appears.

  8. In the confirmation window, click Remove.

    Tenable Vulnerability Management removes the sensor or sensors from the scanner group.

View Sensors in a Scanner Group

Important! Scanner group permissions do not override existing individual scanner permissions. For example, if you add a scanner with Can Use permissions to a scanner group with Can Manage permissions, that scanner retains its Can Use permissions.

To view sensors assigned to a scanner group: 

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. In the drop-down box, select Scanner Groups.

    The list of existing scanner groups you have permission to use or manage appears.

  3. (Optional) Search the table for the group you want to view. For more information, see Tables.

  4. In the scanner group table, click the scanner group you want to view.

    The Group Details page appears. This page contains a table listing sensors assigned to this group.

View All Running Scans for a Sensor

Note: You can only view all scans for sensors in Tenable Nessus scanner groups.

To view all running scans for a sensor: 

  1. View the sensors in the appropriate scanner group.

  2. In the sensors table, click the sensor for which you want to view all scans.

    The scanner Details page appears.

  3. Click the Manage Scans tab.

    Tenable Vulnerability Management shows a list of all scans the sensor is currently running.