Create Nessus Plugin Scans
The Nessus Plugin Scan launches an advanced Nessus scan that executes a user-defined list of plugins on the assets specified in the list of CIDRs and IP addresses.
The OT Security executes the scan on responsive assets within the designated CIDRs. However, to protect your OT devices, OT Security scans only confirmed network assets in the given range (non-PLCs). OT Security excludes assets of the type Endpoint from the scan.
The Nessus scan in OT Security uses the same policy settings as a basic network scan in Tenable Nessus, Tenable Security Center, and Tenable Vulnerability Management. The only difference is the performance options in OT Security. The following are the performance options for the Nessus scan in OT Security. These options also apply to the Nessus Basic scan you launch from the Inventory > All Assets page.
-
5 simultaneous hosts (max)
-
2 simultaneous checks per hosts (max)
-
15 second network read timeout
To run a basic Nessus scan on any one asset, see Perform Asset-Specific Tenable Nessus Scan.
To create a Nessus Plugin Scan:
-
Go to Active Queries > Nessus Scans.
-
In the upper-right corner, click Create Scan.
The Create Nessus Plugin List Scan panel appears.
-
In the Name box, type a name for the Nessus scan.
-
In the IP Ranges box, type a range of IPs or CIDRs.
-
Click Next.
The Plugins pane appears.
Note: OT Security lists only those plugins that are specific to the device. Your license must be up to date to receive new Plugins. To update your license, see Update the License. -
In the Plugin Family Name column, select the required Plugin Families to include them in the scan. In the right column, clear the checkboxes for individual plugins as needed.
Note: For more information about Tenable Nessus Plugin Families, see https://www.tenable.com/plugins/nessus/families. -
Click Save.
The new Nessus scan appears on the Nessus Scans page.
Note: To edit or delete an existing Tenable Nessus scan, right-click the scan, then select Edit or Delete.
To run a Nessus Plugin Scan:
-
On the Nessus Scans page, do one of the following:
-
Right-click the scan, then select Run now.
-
Select the scan you want to run, then click Actions > Run now.
The Approve Nessus Scan dialog appears.
-
-
If you know there are no OT devices included in the scan, click Proceed Anyway.
The dialog closes and OT Security saves the scan.
-
To run the scan, right-click the scan row again and select Run now.
The Approve Nessus Scan dialog appears again.
-
Click Proceed Anyway.
OT Security now runs the scan. You can pause/resume, stop, or kill scans depending on their current status.