TOC & Recently Viewed

Recently Viewed Topics

Provisioning Tenable Core Nessus (BYOL)

The Tenable Core Nessus (BYOL) is an instance of installed within Microsoft Azure that allows scanning of the Azure cloud environments and instances. Tenable Core Nessus (BYOL) capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.

Customers interested in leveraging Tenable Core Nessus (BYOL) to secure their environments and instances must first purchase a license either directly from the Tenable Store or from an authorized reseller. The license provides an Activation Code to use when provisioning from your Microsoft Azure account.

  1. To provision a Tenable Core Nessus (BYOL) instance, go to Microsoft Azure ( and log in.

  2. Click the green + to open the Azure Marketplace.

  3. Enter Tenable in the search box.

    The TenableCore Nessus (BYOL) instance appears below.

  4. Click TenableCore Nessus (BYOL) to open the instance details.
  5. Choose an option under Select a deployment model.

  6. Click Create to begin deployment of the TenableCore BYOL virtual machine.

  7. Enter the configuration information on the Basics screen.

  8. Click OK. Refer to the TenableCore Nessus BYOL Scanner Basics table for details.

    TenableCore Nessus BYOL Scanner Basics

    Option Description
    Name A descriptive name for the Nessus BYOL scanner.
    VM disk type Select SSD or HDD drive for the VM disk type.
    User name The user account name used to access the Nessus BYOL scanner.
    Authentication type Select Password or SSH public key for the desired authentication type.
    SSH public key The SSH public key.
    Subscription Select the subscription to which the virtual machine will be added.
    Resource group Enter the name of a new Resource group or select an existing Resource group.
    Location Select the geographical location for the virtual machine.
  9. Once the Basics information is entered, instance sizes and pricing appears.
  10. From the available options, click to choose the desired virtual machine size.

  11. Click Select.
  12. On the Settings screen, type the required information.

    Refer to the TenableCore Nessus BYOL Scanner Settings table for details.

    TenableCore Nessus BYOL Scanner Settings

    Option Description
    Storage accounts Creates or selects a storage account type and selects Standard or Premium disk type.
    Network Creates or selects a virtual network where the Nessus BYOL resides.
    Subnet Assign Nessus BYOL to a subnet in the virtual network.
    Public IP Address Creates a public IP address so that the Nessus BYOL virtual machine is accessible outside the virtual network.
    Network security group Enables firewall rules to control traffic to and from the Nessus BYOL virtual machine.
    Extensions Adds new features, like configuration management or anti-virus protection, to your virtual machine.
    High availability Provides redundancy by grouping two or more virtual machines in an availability set.
    Monitoring Enables system diagnostics and create a diagnostics storage account to analyze the results.
  13. Click OK.

    Offer details appear.

  14. Review, then click Purchase to buy the TenableCore Nessus BYOL virtual machine you configured.

  15. If you are deploying the instance into an Azure Virtual Network, you must ensure it can reach TCP port 8834 on an IP address associated with the instance.

  16. Configure the instance and/or the Azure Virtual Network so the TenableCore Nessus (BYOL) can communicate with Tenable servers.

    This is required for registration and plugin updates.

    Note: If this is not possible, see the Offline Updates section in the Tenable Core User Guide.

    Note: Generally, you connect to the public IP address (or external hostname) associated with an instance. However, if you connect to Nessus using a VPN to the Azure Virtual Network, it may be a private IP address.

    Note: The IP addresses associated with an instance are found in the virtual machine Settings.

  17. After the instance is initialized, open a browser and connect to the instance to complete the configuration.

    Tip: For example: https://<IP address or hostname>:8834

  18. The following welcome screen appears.

    To complete the configuration, see the User Guide.

    Note: Prior to scanning, you must request permission to conduct vulnerability and penetration testing on instances in the Microsoft Azure cloud environment. See the Penetration Testing Terms documentation to review the approval process and submit a testing request.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.