Link to Tenable Vulnerability Management

During initial installation, you can install Tenable Nessus as a remote scanner linked to Tenable Vulnerability Management. If you choose not to link the scanner during initial installation, you can link your Tenable Nessus scanner later.

Note: If you use domain allow lists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allow list. This ensures communication with sensor.cloud.tenable.com, which the scanner uses to communicate with Tenable Vulnerability Management.

Note: Once you link Tenable Nessus to Tenable Vulnerability Management, it remains linked until you unlink it.

Before you begin:

  • Configure Tenable Nessus as described in Configure Tenable Nessus.
  • If the Tenable Nessus scanner is or was previously linked to Tenable Vulnerability Management, Tenable.sc, or Tenable Nessus Manager, you need to unlink the scanner or run the nessuscli fix --reset-all command (for more information, see Fix Commands).

To link Tenable Nessus to Tenable Vulnerability Management from the Tenable Nessus user interface:

  1. On the Welcome to Nessus screen, select Link Nessus to another Tenable product.

  2. Click Continue.

    The Managed Scanner screen appears.

  3. From the Managed by drop-down box, select Tenable.io.

  4. In the Linking Key box, type the linking key of your Tenable Vulnerability Management instance.

  5. Click Continue.

    The Create a user account screen appears.

  6. Create a Tenable Nessus administrator user account that you use to log in to Tenable Nessus:
    1. In the Username box, enter a username.

    2. In the Password box, enter a password for the user account.

      Note: Passwords cannot contain Unicode characters.

  7. Click Submit.

    Tenable Nessus finishes the configuration process, which may take several minutes.

  8. Using the administrator user account you created, Sign In to Tenable Nessus.

To link Tenable Nessus to Tenable Vulnerability Management from the command-line interface (CLI):

If you registered or linked Tenable Nessus previously, you need to reset Tenable Nessus before linking to Tenable Vulnerability Management.

Run the following commands to reset Tenable Nessus and link to Tenable Vulnerability Management based on your operating system. To retrieve the linking key needed in the following commands, see Link a Sensor in the Tenable Vulnerability Management user guide.

Note: The --reset-all command used in the following steps removes any existing users, data, settings, and configurations. Tenable recommends exporting scan data and creating a backup before resetting. For more information, see Backing Up Tenable Nessus.
Note: When running the adduser command in the following steps, create the user as a full administrator/system administrator when prompted.
Note: You must have root permissions or greater to run the link commands successfully.

  1. Open the Linux CLI.

  2. Run the following commands in the listed order:

    # service nessusd stop
    # cd /opt/nessus/sbin
    # ./nessuscli fix --reset-all
    # ./nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      # /opt/nessus/sbin/nessuscli managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      # ./nessuscli managed link --key=<LINKING KEY> --cloud

  4. Run the following linking command:

    # service nessusd start

Note: You must have admin permissions to run the link commands successfully.

  1. Open the Windows CLI.

  2. Run the following commands in the listed order:

    > net stop "tenable nessus"
    > cd C:\Program Files\Tenable\Nessus
    > nessuscli fix --reset-all
    > nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      > \opt\nessus\sbin\nessuscli managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      > nessuscli managed link --key=<LINKING KEY> --cloud

  4. Run the following command:

    > net start "tenable nessus"
Note: You must have admin permissions to run the link commands successfully.

  1. Open Terminal.

  2. Run the following commands in the listed order:

    # launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
    # /Library/Nessus/run/sbin/nessuscli fix --reset-all
    # /Library/Nessus/run/sbin/nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      # /opt/nessus/sbin/nessuscli managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      # /Library/Nessus/run/sbin/nessuscli managed link --key=<LINKING KEY> --cloud

  4. Run the following command:

    # launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist