Tenable Nessus BYOL Scanner

The following instructions describe how to configure a Tenable Nessus Bring Your Own License (BYOL) Amazon Web Services (AWS) scanner. Each section includes steps for configuring the scanner via the user interface or via the command line.

Note: For more information on advanced settings for Tenable Nessus (for example, security group configuration), see Advanced Settings in the Tenable Nessus User Guide.

Before you begin:

To configure the Nessus BYOL Scanner in AWS:

  1. Log in to the AWS Management Console.
  2. In the top menu bar, click Services.

    The Services page appears.

    Note: Amazon is continually updating their service, so screenshots may differ from the AWS interface you see.

  3. In the Compute section, click EC2.

    The EC2 Dashboard appears.

  4. In the Create Instance section, click Launch Instance.

    The Choose an Amazon Machine Image (AMI) page appears.

  5. In the left panel, click AWS Marketplace.
  6. In the search box, type Nessus.
  7. On your keyboard, press Enter.
  8. In the Nessus (BYOL) section, click Select.

    The Nessus (BYOL) review window appears.

  9. Review the pricing details and instance type details.
  10. Click Continue.

    The Step 2: Choose an Instance Type page appears.

  11. Click Next: Configure Instance Details.

    The Step 3: Configure Instance Details page appears.

  12. Configure the instance details according to your company-specific preferences.
    Note: Your system must also:
    • Meet the hardware requirements described in the Tenable Nessus User Guide.
    • Include an internet connection with which to access Tenable Vulnerability Management.
  13. Click Next: Add Storage.

    The Step 4: Add Storage page appears.

  14. Configure the storage details according to your company-specific preferences.
  15. Click Next: Add Tags.

    The Step 5: Add Tags page appears.

  16. (Optional) Configure tags according to your company-specific preferences.
  17. Click Next: Configure Security Group.

    The Step 6: Configure Security Group page appears.

  18. (Optional) Configure the security group details according to your company-specific preferences.
  19. Click Review and Launch.

    The Review Instance page appears.

  20. Click Launch.

    A key pair page appears.

  21. Do one of the following:
    • If you have access to an existing key pair, select Choose an existing key pair.
      1. In the Select a key pair section, select the key pair you want to use.
      2. Select the acknowledge checkbox.
    • If you do not have access to an existing key pair, select Create a new key pair.
      1. In the Key pair name box, type a name for the key pair.
      2. Click Download Key Pair.

    Tip: You need this key pair to access the Nessus Professional BYOL scanner from the command line for activation/registration. For more information, see Activate Tenable Nessus BYOL Scanner via the Command Line.

  22. Click Launch Instances.

    The Launch Status page appears. AWS begins a validation process for the new Nessus BYOL EC2 Instance and proceeds to pass health checks.

  23. Click View Instances to confirm the instance appears successfully.

Note: When the status checks are complete, take note of the public IP (if applicable) of the Nessus BYOL instance. Otherwise, you need a Bastion host to access the command line to continue configuration of the Nessus BYOL Scanner.