Tenable Nessus Scanner Hardware Requirements

Enterprise networks can vary in performance, capacity, protocols, and overall activity. Resource requirements to consider for Tenable Nessus deployments include raw network speed, the size of the network, and the configuration of Tenable Nessus.

The following recommendations are guidelines for the minimum hardware allocations. Certain types of scans are more resource intensive. If you run complex scans, especially those with credentials, you may require more disk space, memory, and processing power.

Tip: For information on maximizing your scan performance and scan configuration tips, see the Tenable Nessus Scan Tuning Guide.

Note: In addition to the minimum recommended disk spaces listed in the following sections, consider how much additional disk space your organization needs to store Tenable Nessus log files. By default, nessusd.dump and nessusd.messages can store up to 50 GB of log files each, but you can configure this size to be larger or smaller depending on your organization's needs. For more information, see the dumpfile_max_files, dumpfile_max_size, logfile_max_files, and logfile_max_size settings in the Tenable Nessus User Guide Advanced Logging Settings.

Tenable Nessus Scanners and Tenable Nessus Professional

The following table lists the hardware requirements for Tenable Nessus scanners and Tenable Nessus Professional.

Scenario

Minimum Recommended Hardware

Scanning up to 50,000 hosts per scan

CPU: 4 2GHz cores

Memory: 4 GB RAM (8 GB RAM recommended)

Disk space: 30 GB, not including space used by the host operating system

Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time.

Scanning more than 50,000 hosts per scan

CPU: 8 2GHz cores

Memory: 8 GB RAM (16 GB RAM recommended)

Disk space: 30 GB, not including space used by the host operating system

Note: Your usage (e.g., scan results, plugin updates, and logs) increases the amount of disk space needed over time.

Tenable Nessus Manager

The following table lists the hardware requirements for Tenable Nessus Manager.

Note: To view the hardware requirements for Nessus Manager clustering, see Clustering System Requirements.

Scenario

Minimum Recommended Hardware

Nessus Manager with 0-10,000 agents

CPU: 4 2GHz cores

Memory: 16 GB RAM

Disk space: 5 GB per 5,000 agents per concurrent scan

Note: Scan results and plugin updates require more disk space over time.

Nessus Manager with 10,001-20,000 agents

 

CPU: 8 2GHz cores

Memory: 32 GB RAM

Disk space: 5 GB per 5,000 agents per concurrent scan

Note: Scan results and plugin updates require more disk space over time.

Note: Engage with your Tenable representative for large deployments.

Tenable Nessus with Web Application Scanning Enabled

The following table lists the hardware requirements for Tenable Nessus Expert with web application scanning enabled and Tenable Nessus scanners with web application scanning enabled in Tenable Security Center:

Hardware Minimum Requirement
Processor > 8 2GHz cores
RAM

> 8 GB

Tenable recommends using 16 GB RAM for the best results.

Disk Space

> 40 GB, not including space used by the host operating system

Your overall usage (scan results, plugin updates, logging) increase the amount of disk space needed over time.

Storage Requirements

Tenable Nessus only supports storage area networks (SANs) or network-attached storage (NAS) configurations when installed on a virtual machine managed by an enterprise class hypervisor. Tenable Nessus Manager requires higher disk throughput and may not be appropriate for remote storage. If you install Tenable Nessus on a non-virtualized host, you must do so on direct-attached storage (DAS) devices.

Tenable recommends a minimum of 5,000 MB of temporary space for the Nessus scanner to run properly.

Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation.

NIC Requirements

Tenable recommends you configure the following, at minimum, to ensure network interface controller (NIC) compatibility with Tenable Nessus:

  • Disable NIC teaming or assign a single NIC to Tenable Nessus.

  • Disable IPv6 tunneling on the NIC.

  • Disable packet capture applications that share a NIC with Tenable Nessus.

  • Avoid deploying Tenable Nessus in a Docker container that shares a NIC with another Docker container.

For assistance confirming if other aspects of your NIC configuration are compatible with Tenable Nessus, contact Tenable Support.

Virtual Machines

Tenable Nessus can be installed on a virtual machine that meets the same requirements. If your virtual machine is using Network Address Translation (NAT) to reach the network, many of the Tenable Nessus vulnerability checks, host enumeration, and operating system identification are negatively affected.

Note: Only one virtualized Tenable Nessus scanner can be run on any physical host. Tenable Nessus relies on low-level network operations and requires full access to the host's network interface controller (NIC). In a virtualization environment (for example, Hyper-V, Docker), this can cause incorrect scanner behavior, or host instability, if more than one virtualized Tenable Nessus scanner attempts to share a single physical NIC.

Note:Tenable Nessus is a CPU-intensive application. If you deploy Tenable Nessus in a virtualized infrastructure, take care to avoid running Tenable Nessus in a manner in which it may attempt to draw on oversubscribed resources, especially CPU. Refer to your vendor-specific virtualized infrastructure documentation for guidance on optimizing virtual infrastructure resource allocation.