Plugin Updates

Before any plugin updates occur, Tenable Agent performs an initial plugin download from its linked manager (Tenable Vulnerability Management or Tenable Nessus Manager).

  • Tenable Nessus Manager — The agent performs the initial plugin download upon successfully linking to Tenable Nessus Manager.

  • Tenable Vulnerability Management — The agent performs the initial plugin download when the agent receives its first scan job or when you assign the agent a triggered scan.

After the initial plugin download, Tenable Agent keeps its plugin set current by checking its linked manager (Tenable Vulnerability Management or Tenable Nessus Manager) for updates. The agent checks for plugin updates no less than every 24 hours since the previous update.

Differential vs. Full Updates

When the agent successfully checks in with the manager, it performs either a differential or a full update depending on the linked manager and the age of the current plugin set.

| Linked Manager | Differential Update | Full Update |
|---|---|---|
| Tenable Vulnerability Management | The agent performs a differential update when any of the agent plugin sets are 15 days or less behind the Tenable Vulnerability Management plugin sets. | The agent performs a full plugin update when the agent does not have a plugin set and it needs plugins for an assigned window or triggered scan. |
| Tenable Nessus Manager | The agent performs a differential plugin update when the agent plugin set is 5 days or less behind the Tenable Nessus Manager plugin set. | The agent performs a full plugin update when the agent plugin set is more than 5 days behind the Tenable Nessus Manager plugin set. |
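
The rules in the table can be applied to an agent inventory to predict which agents will pull a full plugin set at their next check-in. The following is an added illustration, not Tenable code. It assumes that plugin sets can be compared by date and that each agent has a single plugin set; the function names and the sample inventory are constructed for the example.

```python
from datetime import date

TVM = "Tenable Vulnerability Management"
NM = "Tenable Nessus Manager"
# Differential-update limits from the table above (days behind the manager).
DIFFERENTIAL_MAX_DAYS = {TVM: 15, NM: 5}


def expected_update(manager, agent_set, manager_set, scan_pending=False):
    """Classify the next plugin update for one agent.

    agent_set and manager_set are plugin set dates (assumed representation);
    agent_set is None when the agent holds no plugin set yet.
    """
    if agent_set is None:
        if manager == TVM:
            # Full update only once a scan window or triggered scan needs plugins.
            return "full" if scan_pending else "none-until-scan"
        return "initial-download"  # Nessus Manager: happens on linking
    days_behind = (manager_set - agent_set).days
    if days_behind <= 0:
        return "current"  # assumption: nothing to fetch when not behind
    if days_behind <= DIFFERENTIAL_MAX_DAYS[manager]:
        return "differential"
    if manager == NM:
        return "full"
    # The page does not say what a Tenable Vulnerability Management agent
    # does when it is more than 15 days behind, so do not guess.
    return "unspecified"


def triage(inventory, manager_set):
    """Map agent name -> expected update type for a whole inventory."""
    return {name: expected_update(mgr, agent_set, manager_set, pending)
            for name, mgr, agent_set, pending in inventory}


# Constructed sample inventory: (agent, manager, agent plugin set date, scan pending)
MANAGER_SET = date(2024, 6, 30)
INVENTORY = [
    ("web-01", TVM, date(2024, 6, 20), False),
    ("db-02", TVM, None, True),
    ("lab-03", TVM, date(2024, 6, 1), False),
    ("hq-04", NM, date(2024, 6, 25), False),
    ("dmz-05", NM, date(2024, 6, 24), False),
]

if __name__ == "__main__":
    for agent, result in triage(INVENTORY, MANAGER_SET).items():
        print(f"{agent:8} {result}")
```

Agents reported as "unspecified" fall outside the cases the table covers and need to be checked against the manager directly.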

Connectivity and Retry Logic

If the agent attempts to update but cannot connect to the plugin feed (due to network issues or feed availability), it employs an exponential retry strategy:

  1. The agent attempts to update.

  2. If the connection fails, the agent retries repeatedly over a 24-hour period, increasing the wait time between attempts (for example, 30 seconds, 60 seconds, 90 seconds).

  3. If the agent cannot connect after 24 hours of retry attempts, it reverts to checking once every 24 hours.