Recently Viewed Topics
Provisioning Tenable Core Nessus (BYOL)
The Tenable Core Nessus (BYOL) is an instance of Tenable.io installed within Microsoft Azure that allows scanning of the Azure cloud environments and instances. Tenable Core Nessus (BYOL) capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.
Customers interested in leveraging Tenable Core Nessus (BYOL) to secure their environments and instances must first purchase a Tenable.io license either directly from the Tenable Store or from an authorized reseller. The license provides an Activation Code to use when provisioning Tenable.io from your Microsoft Azure account.
To provision a Tenable Core Nessus (BYOL) instance, go to Microsoft Azure (https://manage.windowsazure.com) and log in.
Click the green + to open the Azure Marketplace.
Enter Tenable in the search box.
The TenableCore Nessus (BYOL) instance appears below.
- Click TenableCore Nessus (BYOL) to open the instance details.
Choose an option under Select a deployment model.
Click Create to begin deployment of the TenableCore BYOL virtual machine.
Enter the configuration information on the Basics screen.
TenableCore Nessus BYOL Scanner Basics
Option Description Name A descriptive name for the Nessus BYOL scanner. VM disk type Select SSD or HDD drive for the VM disk type. User name The user account name used to access the Nessus BYOL scanner. Authentication type Select Password or SSH public key for the desired authentication type. SSH public key The SSH public key. Subscription Select the subscription to which the virtual machine will be added. Resource group Enter the name of a new Resource group or select an existing Resource group. Location Select the geographical location for the virtual machine.
- Once the Basics information is entered, instance sizes and pricing appears.
From the available options, click to choose the desired virtual machine size.
- Click Select.
On the Settings screen, type the required information.
Refer to the TenableCore Nessus BYOL Scanner Settings table for details.
TenableCore Nessus BYOL Scanner Settings
Option Description Storage accounts Creates or selects a storage account type and selects Standard or Premium disk type. Network Creates or selects a virtual network where the Nessus BYOL resides. Subnet Assign Nessus BYOL to a subnet in the virtual network. Public IP Address Creates a public IP address so that the Nessus BYOL virtual machine is accessible outside the virtual network. Network security group Enables firewall rules to control traffic to and from the Nessus BYOL virtual machine. Extensions Adds new features, like configuration management or anti-virus protection, to your virtual machine. High availability Provides redundancy by grouping two or more virtual machines in an availability set. Monitoring Enables system diagnostics and create a diagnostics storage account to analyze the results.
Offer details appear.
Review, then click Purchase to buy the TenableCore Nessus BYOL virtual machine you configured.
If you are deploying the instance into an Azure Virtual Network, you must ensure it can reach TCP port 8834 on an IP address associated with the instance.
Configure the instance and/or the Azure Virtual Network so the TenableCore Nessus (BYOL) can communicate with Tenable servers.
This is required for registration and plugin updates.
Note: If this is not possible, see the Offline Updates section in the Tenable Core User Guide.
Note: Generally, you connect to the public IP address (or external hostname) associated with an instance. However, if you connect to Nessus using a VPN to the Azure Virtual Network, it may be a private IP address.
Note: The IP addresses associated with an instance are found in the virtual machine Settings.
After the instance is initialized, open a browser and connect to the instance to complete the configuration.
Tip: For example: https://<IP address or hostname>:8834
The following welcome screen appears.
To complete the configuration, see the Tenable.io User Guide.
Note: Prior to scanning, you must request permission to conduct vulnerability and penetration testing on instances in the Microsoft Azure cloud environment. See the Penetration Testing Terms documentation to review the approval process and submit a testing request.