TOC & Recently Viewed

Recently Viewed Topics

Provision Tenable Core Nessus (BYOL) in Azure Marketplace

The Tenable Core Nessus (BYOL) is an instance of Nessus installed within Microsoft Azure that allows scanning of the Azure cloud environments and instances. Tenable Core Nessus (BYOL) capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.

Customers interested in leveraging Tenable Core Nessus (BYOL) to secure their environments and instances must first purchase a license either directly from the Tenable Store or from an authorized reseller.

  1. To provision a Tenable Core Nessus (BYOL) instance, go to Microsoft Azure ( and log in.

  2. Click the green + New to open the Azure Marketplace.

  3. Enter Tenable in the search box.

    The TenableCore Nessus (BYOL) instance appears.

  4. Click TenableCore Nessus (BYOL) to open the instance details.
  5. Choose an option under Select a deployment model.

  6. Click Create to begin deployment of the TenableCore BYOL virtual machine.

  7. On the Basics page, enter the configuration information.

  8. Click OK. Refer to the TenableCore Nessus BYOL Scanner Basics table for details.

    TenableCore Nessus BYOL Scanner Basics

    Option Description
    Name Descriptive name for the Nessus BYOL scanner.
    VM disk type Select between SSD and HDD drives.
    User name User account name used to access the Nessus BYOL scanner.
    Authentication type Select SSH public key.
    SSH public key Once generated, enter the SSH public key.
    Subscription Select the subscription to which the virtual machine will be added.
    Resource group Enter the name of a new Resource group or select an existing Resource group.
    Location Select the geographical location for the virtual machine.
  9. Once the Basics information is entered, instance sizes and pricing appears.
  10. From the available options, click to choose the desired virtual machine size.

  11. Click Select.
  12. On the Settings screen, type the required information.

    Refer to the TenableCore Nessus BYOL Scanner Settings table for details.

    TenableCore Nessus BYOL Scanner Settings

    Option Description
    Storage accounts Creates or selects a storage account type and selects Standard or Premium disk type.
    Network Creates or selects a virtual network where the Nessus BYOL resides.
    Subnet Assign Nessus BYOL to a subnet in the virtual network.
    Public IP Address Creates a public IP address so that the Nessus BYOL virtual machine is accessible outside the virtual network.
    Network security group Enables firewall rules to control traffic to and from the Nessus BYOL virtual machine.
    Extensions Adds new features, like configuration management or anti-virus protection, to your virtual machine.
    High availability Provides redundancy by grouping two or more virtual machines in an availability set.
    Monitoring Enables system diagnostics and create a diagnostics storage account to analyze the results.
  13. Click OK.

    Offer details appear.

  14. Review the TenableCore Nessus BYOL virtual machine you configured, then click Purchase to buy it.

  15. If you are deploying the instance in an Azure Virtual Network, you must ensure it can reach TCP port 8834 on an IP address associated with the instance.

  16. Configure the instance and/or the Azure Virtual Network so the TenableCore Nessus (BYOL) can communicate with Tenable servers.

    This is required for registration and plugin updates.

    Note: If this is not possible, see the Offline Updates section in the Tenable Core User Guide.

    Note: Generally, you connect to the public IP address (or external hostname) associated with an instance. However, if you connect to Nessus using a VPN to the Azure Virtual Network, it may be a private IP address.

    Note: The IP addresses associated with an instance are found in the virtual machine Settings.

  17. After the instance is initialized, open a browser and connect to the instance to complete the configuration.

    Tip: For example: https://<IP address or hostname>:8834

    The following welcome screen appears.

  18. To complete the configuration, see the User Guide.

    Note: Microsoft does not require pre-approval to conduct vulnerability scans against Azure resources.

Copyright © 2019 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.