Welcome to Tenable for Nutanix
Last Updated: January 08, 2025
This document provides information and steps for integrating Tenable Vulnerability Management, Tenable Nessus Manager, or Tenable Security Center with Nutanix. For more information, refer to the following product documentation:
Virtualization environments can be complicated: they combine hypervisors, management servers, and often a large number of virtual machines. Integrating Tenable Vulnerability Management, Tenable Security Center, or Tenable Nessus with Nutanix Prism Central allows you to scan these environments for a comprehensive cyber exposure view.
Tenable’s integration with the Nutanix Prism Central API enumerates virtual environments during scans and collects host software versions, which assists with patch management and vulnerability detection.
How it works
Through the use of one of Tenable’s products (Tenable Vulnerability Management or Tenable Security Center), you can configure a Nutanix Prism Central credential under Miscellaneous credential types. This credential policy is then sent to the internally linked scanner to communicate with the Nutanix Prism Central API host. Tenable authenticates to the API based on the values provided in the scan credential and collects a variety of data.
What information does the Nutanix Prism Central integration collect?
Tenable attempts to collect data about all hypervisors and virtual machines managed by the Nutanix central host. This information includes clusters, nodes, IP addresses, host software versions, services, and architecture. The data collected allows for scanning the Nutanix AOS and AHV products for known host vulnerabilities.
What the Nutanix Prism Central integration does not collect
The Nutanix Prism Central integration does not collect information about the collected host operating systems. Additionally, the Nutanix Prism Central integration cannot collect all information about virtual machines themselves (for example, operating system details). At no point does Tenable authenticate to hosts discovered during the collection process. Tenable only authenticates to the API of the Prism Central host. The traditional concept of “Credentialed Checks” in Nessus Scan Information (Nessus Plugin ID 19506) does not apply here.
Note: You can configure additional SSH or Windows credentials for the Controller VM (CVM) and hypervisors in order to scan for operating system vulnerabilities.
Note: You can configure additional SSH or Windows credentials for virtual machines discovered using the integration in order to scan for operating system vulnerabilities.