Provision Tenable Core Web Application Scanner (BYOL)

Tenable Core Web Application Scanner Bring Your Own License (BYOL) is an instance of a Tenable Vulnerability Management Web Application Scanner installed in Microsoft Azure that allows you to scan internal-facing web applications deployed in Microsoft Azure. The Tenable Core Web Application Scanner (BYOL) is used to perform vulnerability assessments of web applications.

To provision a Tenable Core Web Application Scanner BYOL instance:

  1. Log in to the Microsoft Azure portal.

  2. In the left-hand menu, click + Create a resource.

    The New page appears.

  3. In the search box, type TenableCore WAS (BYOL).

    As you type, Tenable options appear.

  4. Select the TenableCore WAS (BYOL) option or press enter.

    The TenableCore WAS (BYOL) page appears.

  1. Click the Create button.

    The Create a virtual machine page appears.

  2. On the Basics tab, enter the required information for each option in the Project details, Instance details, and Administrator account sections.

    Option Description
    Project Details
    Subscription The account through which resources are reported and services are billed.
    Resource Group The collection of resources that share the same lifecycle, permissions, and policies.
    Instance Details
    Virtual machine name

    The name used for both, the virtual machine and host name.

    Note: The virtual machine name cannot be changed after the virtual machine is created. You can change the host name when you log into the virtual machine.


    The regional location most suitable for you and your customers.

    Note: Some virtual machine sizes are not available in certain regions.
    Availability options (Optional)  Additional options to help manage availability and resilience of your applications. Provides options to use replicated virtual machines in availability zones or availability settings to protect your applications and data from outages and maintenance events.
    Image The base operating system or application for the virtual machine.
    Size The virtual machine size to support the workload you want to run.
    Administrator Account
    Authentication Type The type of authentication the administrator uses - SSH or password.
    Username The administrator username for the virtual machine.
    SSH Key

    (Only available when you select SSH for Authentication Type) The single-line RSA public key or multi-line PEM certificate.

    For additional information on setting up your SSH account, see Create a Password for the Initial Administrator User Account.

    Password (Only available when you select Password for Authentication Type) The administrator password for the virtual machine.
    Confirm Password (Only available when you select Password for Authentication Type) Verification for the administrator password for the virtual machine.
  1. Click the Disks tab.

    The Disks page appears.

  2. On the Disks page, in the Disks option section, select an OS disk type from the drop-down.
  3. (Optional) In the Data disks section, you can add and configure additional data disks or attach existing disks.
  4. Click the Networking tab.

    The Networking page appears.

  5. In the Virtual Network drop-down box, select a network.
  6. (Optional) Select a Public IP and NIC network security group.
  7. In the Configure network group drop-down box, select a resource group.

    Note: You can create a new group by clicking the Create new link beneath the drop-down box.

  8. (Optional) Enable or disable Accelerated networking option.
  9. (Optional) In the Load balancing option, select to place the virtual machine behind an existing load balancing solution.
  10. Click the Management tab.

    The Management page appears.

  11. Enter your management preferences.

    Options Description
    Boot diagnostics (Optional) Enable to capture the serial console output and screenshots of the virtual machine running on a host.
    OS guest diagnostics (Optional) Enable to receive metrics for your virtual machine.
    Diagnostic storage account The account used to store your metrics.
    System assigned managed identity (Optional) Enable to grant permissions using the Azure role-based access control.
    Microsoft Entra ID
    Login with AAD credentials (preview) (Optional) Enable to use your corporate Active Directory credentials to log in to the virtual machine, enforce MFA, and enable access via RBAC roles.
    Enable auto-shutdown (Optional) Enable to automatically shutdown your virtual machine daily.
  12. (Optional) Click the Advanced tab.

    The Advanced page appears.

  13. (Optional) On the Advanced page, enter information for the Extenstions, Cloud init, Host, and VM generation sections.
  14. (Optional) Click the Tags tab.

    The Tags page appears.

  15. (Optional) On the Tags page, use the drop-down boxes to create tags to help categorize your resources.
  16. Click Review + Create.

    The Create a virtual machine page appears, and the system begins a validation process.

    After the validation completes, a success message appears at the top of the screen.

  17. Click Create.

    Azure begins the virtual machine deployment.

    After the validation completes, a success message appears.

    The TenableCore WAS (BYOL) virtual machine is added to your Resource Groups.

What to do next: