Patch Management Credentials

Tenable Nessus Manager can leverage credentials for patch management systems to perform patch auditing on systems for which credentials may not be available.

Note: Patch management integration is not available on Tenable Nessus Essentials, Tenable Nessus Professional, Tenable Nessus Expert, or managed Tenable Nessus scanners.

Tenable Nessus Manager supports:

  • Dell KACE K1000

  • HCL BigFix

  • Microsoft System Center Configuration Manager (SCCM)

  • Microsoft Windows Server Update Services (WSUS)

  • Red Hat Satellite Server

  • Symantec Altiris

You can configure patch management options in the Credentials section while creating a scan, as described in Create a Scan.

IT administrators are expected to manage the patch monitoring software and install any agents required by the patch management system on their systems.

Note: If the credential check sees a system but it is unable to authenticate against the system, it uses the data obtained from the patch management system to perform the check. If Tenable Nessus is able to connect to the target system, it performs checks on that system and ignores the patch management system output.

Note: The data returned to Tenable Nessus by the patch management system is only as current as the most recent data that the patch management system has obtained from its managed hosts.

Scanning with Multiple Patch Managers

If you provide multiple sets of credentials to Tenable Nessus for patch management tools, Tenable Nessus uses all of them.

If you provide credentials for a host and for one or more patch management systems, Tenable Nessus compares the findings between all methods and report on conflicts or provide a satisfied finding. Use the Patch Management Windows Auditing Conflicts plugins to highlight patch data differences between the host and a patch management system.