Tenable Nessus Plugin and Software Updates
The following topic describes how Tenable Nessus receives plugin and software updates based on configuration and license type. Tenable Nessus plugins and software updates differently depending on how it is configured during the initial setup.
Tenable Nessus Configuration | Plugin Updates | Software Updates |
---|---|---|
Tenable Nessus standalone installation |
By default, standalone Tenable Nessus is configured to receive plugins from plugins.nessus.org automatically on a daily interval. You can also trigger a manual update by navigating to the Settings > About page and clicking next to the Last Updated section. You can check the current installed plugin set in the same section. |
By default, Tenable Nessus receives software updates from downloads.nessus.org automatically. If the following criteria is met, there is a banner at the top of the Tenable Nessus user interface when an update is available:
To configure automatic updates, see Update Tenable Nessus Software. |
Tenable Nessus offline installation |
For offline devices, you need to install plugins manually. For more information, see Update Plugins Offline. | For offline devices, you need to upgrade the Tenable Nessus software manually with the upgrade method dependent on the operating system that Tenable Nessus is installed on. For more information, see Update Tenable Nessus Manager Manually on an Offline System. |
Tenable Nessus managed by Tenable Security Center |
Tenable Nessus receives plugins from Tenable Security Center. Tenable Security Center checks in with Tenable Nessus every 15 minutes to see if the Tenable Nessus plugin set matches the Tenable Security Center set. If it does not match, then Tenable Security Center provides a new set of plugins. | Tenable Nessus scanners managed by Tenable Security Center do not update their software automatically. The only exception to this is if Tenable Nessus is installed on Tenable Core and automatic updates are enabled. |
Tenable Nessus linked to Tenable Vulnerability Management |
Devices linked to Tenable Vulnerability Management receive plugins from cloud.tenable.com. |
Tenable Nessus linked to Tenable Vulnerability Management receives software updates from cloud.tenable.com automatically. Tenable Nessus checks in to Tenable Vulnerability Management once every 24 hours for core software updates by default. |
Tenable Nessus Agents managed by Tenable Nessus Manager |
Tenable Nessus Agents receive plugins from their Tenable Nessus Manager. Once deployed, agents download a full plugin set from their Tenable Nessus Manager instance. Once the agent downloads a full plugin set, it downloads differential plugin sets from its manager moving forward, unless the set becomes more than 5 days out of date. |
Tenable Nessus Agents receive software updates from their Tenable Nessus Manager. Agents check in for core software updates every 24 hours, dependent on when the agent was deployed. If the agent is offline at its usual update time, such as if the agent host is off, it checks for software updates when it comes back online, and that becomes the agent's new update time. |
Tenable Nessus Agents managed by Tenable Vulnerability Management |
Tenable Nessus Agents receive plugins from Tenable Vulnerability Management. Agents remain without plugin sets until an agent needs plugin sets for scanning. When the agent needs to scan for the first time and the agent does not have plugin sets, the agent downloads the plugin set needed for the requested scan type (this can be the full vulnerability plugin set or the inventory plugin set). After the initial scan, the agent performs a differential plugin update when any of the agent plugin sets are 15 days or less behind the Tenable Vulnerability Management plugin sets. The agent also performs a full plugin update when any of the agent plugin sets are more than 15 days behind the Tenable Vulnerability Management plugin sets. The agent deletes unused plugin sets after a configurable amount of time (for more information, see the days_to_keep_unused_plugins advanced setting). After the amount of time passes, the agent deletes the unused plugin sets. |
Tenable Nessus Agents receive software updates from Tenable Vulnerability Management. Agents check in for core software updates every 24 hours, dependent on when the agent was deployed. If the agent is offline at its usual update time, such as if the agent host is off, it checks for software updates when it comes back online, and that becomes the agent's new update time. |