Perform Asset-Specific Tenable Nessus Scan

Tenable Nessus is a tool that scans IT devices to detect vulnerabilities. OT Security enables you to run the Tenable Nessus Basic Network Scan on specific IT assets within your OT network. This is an active full system scan that gathers additional information about vulnerabilities on the servers and network devices. This scan uses the WMI and SNMP credentials, if they are available. This action is only available for relevant PC-based machines. You can access the scan results from the Vulnerabilities page. You can also create customized scans to run a specific set of Tenable Nessus Plugins on a particular set of network assets; see Tenable Nessus Plugin Scans.

The Nessus scan in OT Security uses the same policy settings as a basic network scan in Tenable Nessus, Tenable Security Center, and Tenable Vulnerability Management. The only difference is the performance options. OT Security uses the following performance options for the Nessus scan, and they also apply to the Nessus scan you launch from the Active Queries Management page:

  • 5 simultaneous hosts (max)

  • 2 simultaneous checks per host (max)

  • 15 second network read timeout

Note: Tenable Nessus is an invasive tool that works best in IT environments. Tenable recommends that you do not use it on OT devices, as it may interfere with their normal operation.
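
The following added example (not Tenable's code) audits a policy exported from a standalone Tenable Nessus scanner against the performance values listed above, for teams that also scan the same IT assets outside OT Security. The preference names max_hosts, max_checks and checks_read_timeout, and the sample policy itself, are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values stated on this page for the Nessus scan in OT Security. The
# preference names are an assumption about how these options are named
# in a Tenable Nessus policy export (.nessus XML).
OT_LIMITS = {
    "max_hosts": 5,             # simultaneous hosts (max)
    "max_checks": 2,            # simultaneous checks per host (max)
    "checks_read_timeout": 15,  # network read timeout, in seconds
}

# Constructed sample policy export, not taken from a real scanner.
SAMPLE_POLICY = """<NessusClientData_v2><Policy>
  <policyName>Basic Network Scan (constructed)</policyName>
  <Preferences><ServerPreferences>
    <preference><name>max_hosts</name><value>30</value></preference>
    <preference><name>max_checks</name><value>4</value></preference>
    <preference><name>checks_read_timeout</name><value>5</value></preference>
  </ServerPreferences></Preferences>
</Policy></NessusClientData_v2>"""

def read_performance_prefs(policy_xml):
    """Extract the three performance preferences from a policy export."""
    # Parse only exports you produced; ElementTree is not hardened XML parsing.
    root = ET.fromstring(policy_xml)
    prefs = {}
    for pref in root.iter("preference"):
        name = (pref.findtext("name") or "").strip()
        if name in OT_LIMITS:
            prefs[name] = (pref.findtext("value") or "").strip()
    return prefs

def audit_policy(policy_xml):
    """Return findings; an empty list means the policy matches the page."""
    findings = []
    prefs = read_performance_prefs(policy_xml)
    for name, expected in OT_LIMITS.items():
        raw = prefs.get(name, "")
        if not raw.isdigit():
            findings.append(f"{name}: missing or not a number")
        elif name == "checks_read_timeout" and int(raw) != expected:
            findings.append(f"{name}: {raw}s, page states {expected}s")
        elif name != "checks_read_timeout" and int(raw) > expected:
            findings.append(f"{name}: {raw} exceeds max of {expected}")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

The two concurrency values are treated as ceilings because the page marks them "(max)"; the timeout is compared for equality because the page gives a single value.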

To run a Tenable Nessus Scan on specific assets:

  1. Go to Inventory > Network Assets.

    The Network Assets page appears.

  2. Select the checkbox next to the asset or assets you want to scan.

  3. In the upper-right corner, click Actions > Nessus Scan.

    The Approve Nessus Scan dialog box appears.

  4. Click Proceed with Scan.

    OT Security runs the Nessus Scan.