Create Nessus Plugin Scans

The Nessus Plugin Scan launches an advanced Nessus scan that executes a user-defined list of plugins on the assets specified in the list of CIDRs and IP addresses.

OT Security executes the scan on responsive assets within the designated CIDRs. However, to protect your OT devices, OT Security scans only confirmed network assets in the given range (non-PLCs). OT Security excludes assets of the type Endpoint from the scan.
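
As an added illustration (not Tenable code), the following Python sketch previews which inventory assets in a target list of CIDRs and IP addresses fall under the exclusions described above. The inventory records, the type labels, and the function names are assumptions; the sketch does not check whether an asset is responsive or confirmed, and it calls no Tenable API.

```python
import ipaddress

# Assumed type labels for this sketch; use the names your inventory shows.
EXCLUDED_TYPES = {"PLC", "Endpoint"}

def parse_targets(entries):
    """Turn a mixed list of CIDRs and single IPs into network objects."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # strict=False accepts "10.1.2.7/24" and treats a bare IP as a /32.
            networks.append(ipaddress.ip_network(entry.strip(), strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def preview_scope(entries, inventory):
    """Split in-range assets into those eligible for the scan and those excluded."""
    networks, rejected = parse_targets(entries)
    in_scope, skipped = [], []
    for asset in inventory:
        addr = ipaddress.ip_address(asset["ip"])
        if not any(addr in net for net in networks):
            continue  # outside the requested ranges
        if asset["type"] in EXCLUDED_TYPES:
            skipped.append((asset["ip"], asset["type"]))
        else:
            in_scope.append(asset["ip"])
    return in_scope, skipped, rejected

# Constructed sample data (not a real inventory export).
SAMPLE_INVENTORY = [
    {"ip": "10.10.1.5", "type": "Server"},
    {"ip": "10.10.1.20", "type": "PLC"},
    {"ip": "10.10.1.31", "type": "Endpoint"},
    {"ip": "10.10.2.8", "type": "Server"},
    {"ip": "192.168.50.4", "type": "Switch"},
]
SAMPLE_TARGETS = ["10.10.1.0/24", "192.168.50.4", "10.10.3.999"]

if __name__ == "__main__":
    scope, skipped, bad = preview_scope(SAMPLE_TARGETS, SAMPLE_INVENTORY)
    print("eligible for scan:", scope)
    print("excluded by type:", skipped)
    print("invalid target entries:", bad)
```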

The Nessus scan in OT Security uses the same policy settings as a basic network scan in Tenable Nessus, Tenable Security Center, and Tenable Vulnerability Management. The only difference is the performance options. OT Security uses the following performance options for the Nessus scan; they also apply to the Nessus Basic scan you launch from the Inventory > All Assets page:

  • 5 simultaneous hosts (max)

  • 2 simultaneous checks per host (max)

  • 15-second network read timeout

Note: Tenable Nessus is an invasive tool which works best in IT environments. Tenable does not recommend Tenable Nessus for use on OT devices, as it may interfere with their normal operation.

To run a basic Nessus scan on any one asset, see Perform Asset-Specific Tenable Nessus Scan.

Note: You can run the basic scan on assets of type Endpoint.