Link a BYOL Scanner to Tenable Vulnerability Management with Pre-Authorized Scanner Features

You can retain your pre-authorized AMI installation features when linking BYOL scanners to Tenable Vulnerability Management by using the following procedure.

Note: This feature is only available for Nessus versions 10.2.0 and later.
Caution: If you plan to downgrade a 10.2 Nessus scanner that was linked with the AWS scanner flag (see the following steps) to version 10.1.x or earlier, you need to manually unlink and relink the scanner after downgrading. Otherwise, Tenable Vulnerability Management does not recognize the scanner.

Before you begin:

Assign an IAM role to the Tenable Nessus instance you are deploying. For more information, see step 16 of Launch Pre-Authorized Nessus Scanner.

To link a BYOL scanner to Tenable Vulnerability Management with pre-authorized scanner features:

When you link the scanner to Tenable Vulnerability Management using the command line, as described in the Link to Tenable Vulnerability Management topic in the Tenable Nessus User Guide, use the optional --aws-scanner flag. For example:

> nessuscli managed link --key=<LINKING KEY> --cloud --aws-scanner

Note: The scanner must already be running on an AWS instance for the flag to take effect.