Manage Networks

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Use the following procedures to manage your networks. For general information about networks, see Networks.

Create a Network

Create a custom network only if you want to scan targets in separate environments that contain overlapping IP ranges. If your scans do not involve separate environments with overlapping IP ranges, keep all scanners in the Default network.

To create a new network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. Click Add Network.

    The Settings page appears.

  4. Type a name for the network.

  5. (Optional) Type a description for the network.
  6. (Optional) Configure Asset Age Out:

    Note: By default, the Asset Age Out toggle is enabled and the value is set to 180 days. Once an asset has not been seen for that number of days, Tenable Vulnerability Management deletes its asset record and all associated vulnerabilities. These cannot be recovered, and the deleted assets no longer count towards your license.

    • To change the number of days after which Tenable Vulnerability Management deletes unseen assets, in the Delete Assets Not Seen in the Last text box, type the number of days.

    • To disable the Asset Age Out toggle, click the toggle.

  7. In the lower-right corner, click Create.

    Tenable Vulnerability Management creates the new network. The Manage Scanners page appears.

View or Edit a Network

To view or edit the configuration of an existing network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. In the Networks table, click the network to edit.

    The Network Details page appears with the Settings tab active.

  4. Make changes to your network details:

    • Edit the network Name or Description. The name can contain any alphanumeric and special characters except < and >.
    • Turn on Asset Age Out to permanently delete host assets on your network that have not been seen on a scan for a specific number of days. 
      Important: This setting only applies to host assets, and does not affect assets detected via your Cloud Native Application Protection Platform (CNAPP) license.
      1. In the text box that appears, type the number of days. The minimum value is 14 and the maximum value is 450.

        Caution: When you enable and save this option, Tenable Vulnerability Management immediately deletes assets. All asset records and associated vulnerabilities are deleted and cannot be recovered. The deleted assets no longer count towards your license.

        Note: You cannot age out assets which are older than 15 months (456 days). To delete these assets, filter for them on the Assets workbench and then delete them manually. For more information, see Delete Assets.

  5. Click Save.

    Tenable Vulnerability Management saves your changes.
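Because saving the Asset Age Out setting deletes assets immediately and irreversibly, it helps to preview the effect of a value before you type it. The following is an added example, not Tenable code: it applies the limits stated above (14 to 450 days, and the 456-day ceiling) to a constructed asset list. The id and last_seen field names, and treating an asset unseen for exactly the configured number of days as deleted, are assumptions.

```python
from datetime import datetime, timezone

# Limits stated on this page.
MIN_DAYS = 14
MAX_DAYS = 450
MANUAL_ONLY_AFTER_DAYS = 456  # "older than 15 months (456 days)"

# Constructed sample data. The 'id' and 'last_seen' field names are assumptions
# about your own asset export, not a Tenable schema. Timestamps must carry a
# UTC offset so they can be compared with SAMPLE_NOW.
SAMPLE_NOW = datetime(2025, 6, 30, tzinfo=timezone.utc)
SAMPLE_ASSETS = [
    {"id": "a1", "last_seen": "2025-06-20T00:00:00+00:00"},  # unseen 10 days
    {"id": "a2", "last_seen": "2025-03-01T00:00:00+00:00"},  # unseen 121 days
    {"id": "a3", "last_seen": "2024-01-15T00:00:00+00:00"},  # unseen 532 days
    {"id": "a4", "last_seen": "2025-04-01T00:00:00+00:00"},  # unseen 90 days
]


def preview_age_out(assets, days, now):
    """Sort asset ids into what saving Asset Age Out with `days` would do.

    kept            seen recently enough to survive
    deleted_on_save unseen for `days` or more (assumed inclusive boundary)
    manual_delete   older than 456 days; age out does not cover these
    """
    if isinstance(days, bool) or not isinstance(days, int):
        raise ValueError("days must be a whole number")
    if not MIN_DAYS <= days <= MAX_DAYS:
        raise ValueError(f"days must be between {MIN_DAYS} and {MAX_DAYS}")

    plan = {"kept": [], "deleted_on_save": [], "manual_delete": []}
    for asset in assets:
        last_seen = datetime.fromisoformat(asset["last_seen"])
        unseen = (now - last_seen).days
        if unseen > MANUAL_ONLY_AFTER_DAYS:
            plan["manual_delete"].append(asset["id"])
        elif unseen >= days:
            plan["deleted_on_save"].append(asset["id"])
        else:
            plan["kept"].append(asset["id"])
    return plan


if __name__ == "__main__":
    for bucket, ids in preview_age_out(SAMPLE_ASSETS, 90, SAMPLE_NOW).items():
        print(f"{bucket}: {ids}")
```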

Add a Scanner to a Network

A scanner or scanner group is part of the default network unless you add it to a custom network. A scanner or scanner group can only be part of one network at a time.

You can only add a scanner group to a custom network if all scanners in that group belong to either the default network or the same custom network. If you try to add a scanner group that contains a scanner already assigned to a different custom network, Tenable Vulnerability Management prevents you from adding the scanner group to the network until you resolve the conflict.

You cannot add an AWS pre-authorized scanner to a network.

Before you begin:

  • Create a new network.

    Note: Tenable recommends moving scanners to a new network, rather than an existing network, to prevent unwanted asset merges. If the network where you move a scanner already contains asset records, and the identifiers for assets from the moved scanner match the identifiers already existing in the network, Tenable Vulnerability Management automatically merges those assets.

  • If you want to move a scanner from one existing network to another existing network:
    • Note the IP addresses of the assets identified by the scanner you want to move.
    • Use the IP addresses to move the assets from the first network to the second network.
    • Add the scanner from the first network to the second network. Use the steps below to add a scanner.

To add a scanner or scanner group to a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. In the networks table, click the network you want to add a scanner or scanner group to.

    The Settings page appears.

  4. In the left navigation list, click Manage Scanners.

    Lists of Available Scanners to Add and Member Scanners in Network appear.

  5. In the row of the scanner or scanner group you want to add to the network, click the button.

    Tenable Vulnerability Management determines whether there are any scanner group conflicts:

    If no conflicts are present, Tenable Vulnerability Management adds the scanner or scanner group to the network and moves it to the Member Scanners table.

    If any conflicts are present, Tenable Vulnerability Management displays a message. You need to remove a scanner from the scanner group to resolve the conflict. For more information about removing scanners from scanner groups, see Edit a Scanner Group.

    The scanner or scanner group appears in the Member Scanners in Network list.

Remove a Scanner from a Network

If you remove a scanner or a scanner group from a custom network, Tenable Vulnerability Management reassigns it to the default network.

Tip: If you want to delete a scanner group or remove a sensor from a scanner group, see Manage Scanner Groups.

To remove a scanner or scanner group from a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. In the networks table, click the network where you want to remove a scanner or scanner group.

    The Settings page appears.

  4. In the left navigation plane, click Manage Scanners.

    Lists of Available Scanners to Add and Member Scanners in Network appear.

  5. In the row of the scanner or scanner group you want to remove from the network, click the button.

    Tenable Vulnerability Management moves the scanner or scanner group to the default network. The scanner or scanner group appears in the Available Scanners list.

Add an Agent to a Network

An agent is part of the Default network unless you add it to a custom network. An agent can only be part of one network at a time.

Note: If you assign one or more agents to a network and any of those agents are already assigned to another custom network, a confirmation message appears indicating that, by adding agents to this network, they are reassigned from their previous networks.

Before you begin:

  • Create a new network.

    Note: Tenable recommends moving agents to a new network, rather than an existing network, to prevent unwanted asset merges. If the network where you move an agent already contains asset records, and the identifiers for assets from the moved agent match the identifiers already existing in the network, Tenable Vulnerability Management merges those assets automatically.

  • If you want to move an agent from one existing network to another existing network:
    • Note the IP addresses of the assets identified by the agent you want to move.
    • Use the IP addresses to move the assets from the first network to the second network.
    • Add the agent from the first network to the second network.

To add an agent to a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Do one of the following:

    • To add agents from the Linked Agents tab:

      1. Click the Nessus Agents tab.

        The list of agents appears and Linked Agents is selected in the drop-down box.

      2. Select an agent or agents in one of the following ways:

        • In the agents table, right-click the row for the agent you want to add.

          The action buttons appear in the row.

        • In the Actions column, click the button in the row for the agent you want to add.

          The action buttons appear in the row.

        • In the agents table, select the check box next to each agent you want to add.

          The action bar appears at the top of the table.

        • In the table header, select the check box to select the entire page.

          The action bar appears at the bottom of the page.

      3. Click Add to network or Add Selected to Network, as applicable.

        The Add to Network plane appears.

      4. In the drop-down list, select the network to which you want to add the agent or agents.

      5. Click Assign.

        Tenable Vulnerability Management adds the agents to the selected network.

    • To add agents from the Networks page:

      1. Click the Networks tab.

        The list of networks appears.

      2. In the networks table, click the network you want to add an agent to.

        The Settings page appears.

      3. In the left navigation list, click Manage Agents.

        Lists of both Available Agents to Add and Member Agents in Network appear.

      4. In the row of the agent to add to the network, click the button.

        Tenable Vulnerability Management determines whether there are any agent group conflicts. If a conflict is present, resolve it manually, and then repeat the steps above.

        If there are no group conflicts, Tenable Vulnerability Management adds the agent to the network.

    If you moved the agents from a custom network to the Default network, you need to move the agents' associated assets to the Default network manually. Assets do not revert back to the Default network automatically. For more information, see Move Assets to a Network via Settings.

To add an agent group to a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Nessus Agents tab.

    The list of agents appears and Linked Agents is selected in the drop-down box.

  3. Filter the agent table to view the agent group you want to add to a network:

    1. Click Filters.

    2. Select Member of Group from the Category drop-down list.

    3. Select the agent group to add in the Value drop-down list.

    4. Click Apply.

  4. In the agent table header, select the check box to select the entire page.

    The action bar appears at the bottom of the page.

  5. In the action bar, click Add selected to network.

    The Add to Network plane appears.

  6. In the drop-down, select the network to which you want to add the agent or agents.

  7. Click Assign.

    Tenable Vulnerability Management adds the agents to the selected network.

    If you moved the agents from a custom network to the Default network, you need to move the agents' associated assets to the Default network manually. Assets do not revert back to the Default network automatically. For more information, see Move Assets to a Network via Settings.
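The "Before you begin" notes for both scanners and agents warn that moving into a network that already holds asset records can merge assets whose identifiers match. The following is an added example, not Tenable code: it takes the IP addresses you noted for the scanner or agent being moved, builds the comma-separated list for the Move Assets search box, and flags addresses already present in the destination network. The asset lists are constructed, the ips and hostname fields are assumptions, and matching on IP address alone is an assumption (the page says only "identifiers").

```python
import ipaddress

# Constructed sample data: assets identified by the scanner being moved, and
# asset records that already exist in the destination network.
SOURCE_ASSETS = [
    {"hostname": "web-01", "ips": ["10.0.0.5"]},
    {"hostname": "db-01", "ips": ["10.0.0.20", "10.0.0.21"]},
    {"hostname": "app-02", "ips": ["10.0.1.9"]},
]
DESTINATION_ASSETS = [
    {"hostname": "legacy-web", "ips": ["10.0.0.5"]},
    {"hostname": "printer", "ips": ["10.0.2.7"]},
    {"hostname": "cache-03", "ips": ["10.0.0.21"]},
]


def _index_by_ip(assets):
    """Map each parsed IP address to the hostname of the asset that holds it."""
    index = {}
    for asset in assets:
        for raw in asset["ips"]:
            # ip_address() raises ValueError on malformed input, so a typo is
            # caught here rather than in the Move Assets search box.
            index[ipaddress.ip_address(raw)] = asset["hostname"]
    return index


def plan_move(source_assets, destination_assets):
    """Return (search_text, merge_candidates) for a planned move.

    search_text      individual IP addresses separated by commas
    merge_candidates (ip, source hostname, destination hostname) for every
                     address that already exists in the destination network
    """
    src = _index_by_ip(source_assets)
    dst = _index_by_ip(destination_assets)
    # Sort numerically; a plain string sort would put 10.0.0.20 before 10.0.0.5.
    ordered = sorted(src, key=lambda ip: (ip.version, int(ip)))
    search_text = ",".join(str(ip) for ip in ordered)
    merge_candidates = [(str(ip), src[ip], dst[ip]) for ip in ordered if ip in dst]
    return search_text, merge_candidates


if __name__ == "__main__":
    text, candidates = plan_move(SOURCE_ASSETS, DESTINATION_ASSETS)
    print("Search box input:", text)
    for ip, src_host, dst_host in candidates:
        print(f"Possible merge on {ip}: {src_host} (moving) vs {dst_host} (existing)")
```

An empty merge_candidates list only shows that no noted address collides; it does not rule out matches on other identifiers.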

Remove an Agent from a Network

Before you begin:

  • If you want to move an agent from one existing network to another existing network:
    • Note the IP addresses of the assets identified by the agent you want to move.
    • Use the IP addresses to move the assets from the first network to the second network.
    • Add the agent from the first network to the second network.

To remove an agent from a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Do one of the following:

    • To remove agents from the Linked Agents tab:

      1. Click the Nessus Agents tab.

        The list of agents appears and Linked Agents is selected in the drop-down box.

      2. Select an agent or agents in one of the following ways:

        • In the agents table, right-click the row for the agent you want to remove.

          The action buttons appear in the row.

        • In the agents table, select the check box for the agent you want to remove.

          Tenable Vulnerability Management enables Remove selected from network in the action bar.

        • In the table header, select the check box to select the entire page.

          The action bar appears at the bottom of the page.

      3. Click Remove from network or Remove selected from network, as applicable.

        Tenable Vulnerability Management removes the agents from their networks and adds them to the Default network.

    • To remove agents from the Networks tab:

      1. Click the Networks tab.

        The list of networks appears.

      2. In the networks table, select the network from which you want to remove an agent or agents.

        The Settings page appears.

      3. In the left navigation menu, click Manage Agents.

        Lists of both Available Agents to Add and Member Agents in Network appear.

      4. In the row of the agent to remove from the network, click the button.

        Tenable Vulnerability Management removes the agent from the network and adds it to the Default network.

Move Assets to a Network via Settings

When a scanner scans assets, the scanner automatically adds the network to which it belongs to the scanned assets' identifying details. However, if you want to change the network assets are assigned to, you can also manually move assets to a network.

Move assets to a new network before you run scans on the new network. If you move assets to a network where scans have already run, Tenable Vulnerability Management may create duplicate asset records that count against your license.

Tip: You can also move assets to a network. See Move Assets Between Networks.

Note: If you moved agents or agent groups from a custom network to the Default network, you need to move the agents' associated assets to the Default network manually. Assets do not revert back to the Default network automatically.

To move an asset or assets to a network from the Networks page:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. In the networks table, do one of the following:

    • Right-click the network you want to move an asset or assets to.

      The action buttons appear in the row.

    • In the Actions column, click the button in the row for the network you want to move an asset or assets to.

      The action buttons appear in the row.

  4. Click Move assets.

    The Move Assets page appears.

  5. In the Source Network drop-down box, select the network you want to move an asset or assets to.
  6. In the text box, do one of the following:

    • To search for a single asset, enter an IP address.
    • To search for multiple assets, enter a CIDR range or individual IP addresses separated by commas.

    Tenable Vulnerability Management shows the asset or assets that match your search criteria.

  7. Do one of the following:

    • Move a single asset:

      1. In the assets table, do one of the following:

        • Right-click the asset you want to move. The action buttons appear in the row.

        • In the Actions column, click the button in the row for the asset you want to move. The action buttons appear in the row.

      2. Click Move assets.

        Tenable Vulnerability Management moves the asset to the selected network.

    • Move selected assets:

      1. For each asset you want to select, roll over the icon.

        The check box for the asset appears.

      2. Click the check box.

        The action bar appears at the bottom of the page.

      3. In the action bar, click the button.

        Tenable Vulnerability Management moves the selected asset or assets from the source network to the destination network.

    • Move all assets on the current page:

      1. In the assets table header, click the check box.

        Tenable Vulnerability Management selects all assets on the current page. The action bar appears at the bottom of the page.

      2. In the action bar, click the button.

        Tenable Vulnerability Management moves the selected assets from the source network to the destination network.

    • Move all assets in the source network:

      1. Roll over the icon of an asset.

        The action bar appears at the bottom of the page.

      2. In the action bar, click Select All Assets.

        Tenable Vulnerability Management selects all assets in the source network.

      3. In the action bar, click the button.

        Tenable Vulnerability Management moves all assets from the source network to the destination network.

To move an asset or multiple assets to a network from the asset table:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation bar, click Assets.

    The Assets dashboard appears, and displays the assets table.

  3. (Optional) Refine the table data. For more information, see Tables.

  4. (Optional) Apply a saved search filter.
  5. Do one of the following:

    • Move a single asset:

      1. Roll over the asset you want to move.

        The action buttons appear in the row.

      2. Click the button.

        The Move plane appears.

      3. In the Default drop-down box, select the network you want to move the asset to.
      4. Click the Move button.

        Tenable Vulnerability Management moves the asset to the selected network.

    • To move selected assets:

      1. For each asset you want to move, click the check box in the asset row.

        The action bar appears at the bottom of the page.

      2. In the action bar, click the button.

        The Move plane appears.

      3. In the Default drop-down box, select the network you want to move the asset to.

      4. Click the Move button.

        Tenable Vulnerability Management moves the assets to the selected network.

    • To move all assets on the current page:

      1. Click the check box in the table header.

        The action bar appears at the bottom of the page.

      2. In the action bar, click the button.

        The Move plane appears.

      3. In the Default drop-down box, select the network you want to move the asset to.
      4. Click the Move button.

        Tenable Vulnerability Management moves the assets to the selected network.

    • To move all assets:

      1. Click the check box in the table header.

        The action bar appears at the bottom of the page.

      2. In the action bar, click Select All Assets.

        Note: If you click Select All Assets, all assets on the current page and any additional pages are selected.

      3. In the action bar, click Move.

        The Move plane appears.

      4. In the Default drop-down box, select the network you want to move the assets to.
      5. Click the Move button.

        Tenable Vulnerability Management moves the assets to the selected network.

    Note: Depending on the filter applied and the number of assets selected, it may take some time for Tenable Vulnerability Management to move all assets to the destination network.

Delete Assets in a Network

Tip: If you want to remove an asset from a network but not delete the asset, see Move Assets to a Network.

Delete Assets Manually

If you manually delete an asset, Tenable Vulnerability Management no longer displays the asset in the default view of the assets table, deletes vulnerability data associated with the asset, and stops matching scan results to the asset. Manually deleted assets continue to count against your Tenable Vulnerability Management license until the assets age out after 14 days.

To delete assets manually:

  • Delete an individual asset. For more information, see Delete Assets.
  • Delete multiple assets using the Tenable Vulnerability Management API. For more information, see the Tenable Developer Portal.

Delete Assets Automatically

If you automatically delete assets in a network, Tenable Vulnerability Management permanently deletes the asset and all associated vulnerability data after a specified number of days. Automatically deleted assets do not count against your Tenable Vulnerability Management license.

To automatically delete assets, enable the Asset Age Out feature when you create or edit the network.

Export Networks

Required User Role: Administrator

On the Sensors page, you can export one or more networks.

To export a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. (Optional) Refine the table data. For more information, see Tables.

  4. Select the networks that you want to export:

    Export Scope: Selected networks

    To export selected networks:

    1. Select the check box for each network you want to export.

      The action bar appears at the top of the table.

    2. Click Export.

      Note: The Export link is available for up to 200 selections. If you want to export more than 200 networks, select all the networks in the list and then click Export.

    Export Scope: A single network

    To export a single network:

    1. In the networks table, right-click the row for the network you want to export.

      The action options appear next to your cursor.

      -or-

      In the networks table, in the Actions column, click the button in the row for the network you want to export.

      The action options appear in the row.

      -or-

      Select the check box for the network you want to export.

      The action bar appears at the top of the table.

    2. Click Export.

    The Export plane appears. This plane contains:

    • A text box to configure the export file name.
    • A list of available export formats.
    • A table of configuration options for fields to include in the exported file.

      Note: By default, all fields are selected.

    • A text box to set the number of days before the export expires.
    • A toggle to configure the export schedule.
    • A toggle to configure the email notification.
  5. In the Name box, type a name for the export file.
  6. Click the export format you want to use:

    Format: CSV

    A CSV text file that contains a list of networks.

    Note: If your .csv export file includes a cell that begins with any of the following characters (=, +, -, @), Tenable Vulnerability Management automatically inserts a single quote (') at the beginning of the cell so that spreadsheet applications treat the cell as text rather than as a formula. For more information, see the related knowledge base article.

    Format: JSON

    A JSON file that contains a nested list of networks.

    Empty fields are not included in the JSON file.

  7. (Optional) Deselect any fields you do not want to appear in the export file.

  8. In the Expiration box, type the number of days before the export file expires.

    Note: Tenable Vulnerability Management allows you to set a maximum of 30 calendar days for export expiration.

  9. (Optional) To set a schedule for your export to repeat:

    • Click the Schedule toggle.

      The Schedule section appears.

    • In the Start Date and Time section, select the date and time on which you want the export schedule to start.
    • In the Time Zone drop-down box, select the time zone to which you want the schedule to adhere.
    • In the Repeat drop-down box, select how often you want the export to repeat.
    • In the Repeat Ends drop-down, select the date on which you want the schedule to end.

      Note: If you select never, the schedule repeats until you modify or delete the export schedule.

  10. (Optional) To send email notifications on completion of the export:

    Note: You can enable email notifications with or without scheduling exports.

    • Click the Email Notification toggle.

      The Email Notification section appears.

    • In the Add Recipients box, type the email addresses to which you want to send the export notification.

    • (Required) In the Password box, type a password for the export file. You must share this password with the recipients to allow them to download the file.

      Note: Tenable Vulnerability Management sends an email to the recipients. From the link in the email, the recipients can download the file by providing the correct password.

  11. Click Export.

    Tenable Vulnerability Management begins processing the export. Depending on the size of the exported data, Tenable Vulnerability Management may take several minutes to process the export.

    When processing completes, Tenable Vulnerability Management downloads the export file to your computer. Depending on your browser settings, your browser may notify you that the download is complete.

  12. Access the export file via your browser's downloads directory. If you close the export plane before the download finishes, then you can access your export file from the Exports page.
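The CSV note in step 6 matters when a script, rather than a spreadsheet, consumes the export: network names accept special characters, so a name such as -dmz arrives as '-dmz. The following is an added example, not Tenable code: it removes the added quote when loading a constructed export and reapplies the same rule before writing a CSV that will be opened in a spreadsheet. The name and description columns are assumptions.

```python
import csv
import io

FORMULA_TRIGGERS = ("=", "+", "-", "@")  # characters listed in the CSV note

# Constructed sample export; the 'name' and 'description' columns are assumptions.
SAMPLE_EXPORT = (
    "name,description\n"
    "Default,Default network\n"
    "'-dmz,'=1+1\n"
    "'@ops,on-call 'quoted' note\n"
)


def neutralize(cell):
    """Apply the rule from the note: prefix ' when the cell starts with = + - @."""
    return "'" + cell if cell.startswith(FORMULA_TRIGGERS) else cell


def restore(cell):
    """Drop the added quote so scripts compare against the original value.

    Only a quote directly followed by a trigger character is removed. A value
    that really was '=x before export looks the same as a neutralized =x, so
    this is a best-effort inverse, not an exact one.
    """
    if len(cell) > 1 and cell[0] == "'" and cell[1] in FORMULA_TRIGGERS:
        return cell[1:]
    return cell


def load_export(text):
    """Parse the export into dicts holding the original cell values."""
    reader = csv.DictReader(io.StringIO(text))
    return [{col: restore(val or "") for col, val in row.items()} for row in reader]


def dump_for_spreadsheet(rows):
    """Write rows back to CSV with every risky cell neutralized again."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=list(rows[0]), lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({col: neutralize(val) for col, val in row.items()})
    return out.getvalue()


if __name__ == "__main__":
    networks = load_export(SAMPLE_EXPORT)
    print([n["name"] for n in networks])
    print(dump_for_spreadsheet(networks), end="")
```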

Delete a Network

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Before you begin:

Before you delete a network, consider the following:

  • If you delete a network, assets that were in the deleted network still retain the network attribute.
  • Tenable Vulnerability Management retains any asset records for the deleted network until the assets age out of your licensed assets count. You can still filter for assets that use the deleted network.
  • You cannot create a new network that has the same name as a deleted network.

To delete a network:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Click the Networks tab.

    The list of networks appears.

  3. Delete selected networks.

    Delete Scope: A single network

    To delete a single network:

    1. In the networks table, right-click the row for the network you want to delete.

      The action options appear next to your cursor.

      -or-

      In the networks table, in the Actions column, click the button in the row for the network you want to delete.

      The action options appear in the row.

      -or-

      Select the check box for the network you want to delete.

      The action bar appears at the top of the table.

    2. Click Delete.

    Delete Scope: Multiple networks

    To delete multiple networks:

    1. In the networks table, select the check box for each network you want to delete.

      The action bar appears at the top of the table.

    2. Click Delete.

  4. Tenable Vulnerability Management deletes the network.