Launch a Remediation Scan

Required Tenable Web App Scanning User Role: Scan Operator, Standard, Scan Manager, or Administrator

On the Findings page or the Finding Details page, you can create a remediation scan to run a follow-up scan against existing scan results. Remediation scans allow you to validate whether your vulnerability remediation actions on the scan targets have been successful. If a remediation scan cannot identify a vulnerability on targets where the vulnerability was previously identified, the system changes the status of the vulnerability to Fixed.

To launch a remediation scan in the Tenable Web App Scanning interface:

  1. In the upper-left corner, click the Menu button.

    The left navigation plane appears.

  2. In the left navigation plane, click Findings.

    The Findings page appears.

  3. In the finding's row, click the More button.

    A drop-down menu appears.

  4. In the drop-down menu, click Launch Remediation Scan.

    The Create Remediation Scan configuration page appears.

    (Optional) You can also access the Launch Remediation Scan button on the Finding Details page of a finding you select.

    Note: If your original scan configuration was for a multi-target scan, Tenable attempts to determine the correct target for remediation, but Tenable recommends that you double-check and confirm the target.

    Note: The configuration page displays the same scan template settings used to create the original scan, except for three items:

      • A file under Crawl Scripts is created and used by the remediation scan process.
      • The Elements to Audit section under Assessment displays aspects of the plugin to be remediated.
      • The configured plugins are different, as only the plugin and its related dependencies are enabled.

  5. (Optional) Enter your scan information.

  6. Click Save to save the scan setup, or click Save and Run to launch the scan.

    Note: You may get an error displaying the note "Could not reproduce vulnerability page for remediation." This scan note indicates that the scanner could not replicate the page seen in the vulnerability data. To remediate this vulnerability, try rerunning the original scan.

    Tenable Web App Scanning launches the scan.

What to do next:

  • In the Remediation Scans folder on the Scans page, do one of the following:
  • Once the scan completes:
    1. In the Remediation Scans folder, on the Scans page:

      • Verify that the finding does not appear in your completed remediation scan by clicking on it and reviewing the list of findings.
    2. On the Findings page:

      • Verify that the status for the selected vulnerabilities is now Fixed on the assets that the remediation scan targeted.

Remediation Scan Plugin Considerations

There are plugin types that are not supported in remediation scans, and plugin types that are full-scan remediation only. These are listed in the following tables: