Triggered Agent Scans (Tenable Nessus Manager)
When you configure a Tenable Agent scan in Tenable Nessus Manager, Tenable Nessus Manager offers two agent scan types: Scan Window and Triggered Scan.
For scan window scans, Tenable Nessus Manager creates a timeframe (for example, the default is three hours) in which an agent group must report in order to be included in the scan results. You must either schedule Tenable Nessus Manager to launch the window scan at a set time or manually launch the scan from the Tenable Nessus Manager user interface. For example, if you schedule a three-hour agent window scan for every Monday, Tenable Nessus Manager pulls data updates from the agent group for three hours every Monday; agents that do not report within that window are not included in that week's results.
Agents can be triggered to launch scans using three different methods:
- Interval trigger — Configure agents to scan at a certain time interval (for example, every 12 hours or every 24 hours).
- File Name trigger — Configure agents to scan whenever a file with a specific file name is added to the agent trigger directory. One trigger file correlates to one scan launch; when the scan launches, the agent removes the file. The agent trigger directory location varies by operating system:

Operating System | Location |
---|---|
Windows | C:\ProgramData\Tenable\Nessus Agent\nessus\triggers |
macOS | /Library/NessusAgent/run/var/nessus/triggers |
Linux | /opt/nessus_agent/var/nessus/triggers |

- nessuscli trigger — Launch an existing triggered scan manually by running the following command in the Tenable Agent nessuscli utility:

# nessuscli scan-triggers --start --UUID=<scan-uuid>
You can also set multiple triggers for a single scan, and the scan searches for the triggers in their listed order (in other words, if the first trigger does not trigger the scan, it searches for the second trigger).
Note: Triggered scans are not affected by freeze windows.
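The file name trigger can be driven from a script on the endpoint, for example from a deployment or patching job that should be followed by a scan. The following is an added example, not Tenable's code: it resolves the agent trigger directory for macOS or Linux from the table above, creates the trigger file, and then polls until the agent removes it, which is the signal that the scan was launched. The file name `scan-now.trigger`, the `NESSUS_TRIGGER_DIR` environment override (not an agent setting; it only exists so the script can be pointed at a test directory) and the default timeout are placeholders; the trigger file name must match the name configured in the triggered scan, and writing to the real trigger directory normally requires root.

```shell
#!/bin/sh
# Added example (not Tenable's code): launch a file-name-triggered agent scan
# by dropping the configured trigger file into the agent trigger directory and
# waiting for the agent to consume it. One trigger file = one scan launch.

# trigger_dir: print the agent trigger directory for this OS.
# NESSUS_TRIGGER_DIR is an assumed override for testing, not a real agent setting.
trigger_dir() {
  if [ -n "${NESSUS_TRIGGER_DIR:-}" ]; then
    printf '%s\n' "$NESSUS_TRIGGER_DIR"
    return 0
  fi
  case "$(uname -s)" in
    Darwin) printf '%s\n' "/Library/NessusAgent/run/var/nessus/triggers" ;;
    Linux)  printf '%s\n' "/opt/nessus_agent/var/nessus/triggers" ;;
    *)      return 1 ;;   # Windows: C:\ProgramData\Tenable\Nessus Agent\nessus\triggers (use PowerShell there)
  esac
}

# fire_trigger NAME [TIMEOUT_SECONDS]
# Creates the trigger file NAME and polls until the agent removes it.
# Returns 0 when the agent consumed the file (scan launched),
#         1 on a usage/environment error,
#         2 if the file is still present after TIMEOUT_SECONDS (default 300),
#         3 if the file already existed (a launch is already pending).
fire_trigger() {
  name=$1
  timeout=${2:-300}
  dir=$(trigger_dir) || { echo "unsupported OS for this script" >&2; return 1; }
  [ -d "$dir" ] || { echo "trigger directory not found: $dir" >&2; return 1; }
  path="$dir/$name"
  if [ -e "$path" ]; then
    echo "$path already present; a launch is already pending" >&2
    return 3
  fi
  : > "$path" || { echo "cannot create $path (run as root?)" >&2; return 1; }
  elapsed=0
  while [ -e "$path" ]; do
    if [ "$elapsed" -ge "$timeout" ]; then
      echo "agent did not consume $path within ${timeout}s; is the agent running and linked?" >&2
      return 2
    fi
    sleep 1
    elapsed=$((elapsed + 1))
  done
  return 0
}

# Usage: fire_trigger scan-now.trigger 600 && echo "scan launched"
```

Because one file corresponds to one launch, the script refuses to recreate a file that is already present rather than silently overwriting it, and a timeout is the practical check that the agent is actually running and linked, since the page notes that the agent, not Tenable Nessus Manager, removes the file when the scan launches. On Windows the equivalent is creating an empty file under the Windows path from the table, for example with `New-Item` in PowerShell.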
Triggers vs. Scan Windows
Tenable recommends using triggered scans over scan window scans in many cases. Because triggered scans run independently of Tenable Nessus Manager and of user intervention, and because several trigger types are available, triggered scanning offers more flexibility to fit your workflow, especially if you have a mobile workforce in multiple time zones.
Triggered scans can provide more consistent coverage than window scans and help overcome connectivity issues between Tenable Nessus Manager and linked agents. Scan window scans can leave gaps in data coverage when agents are unresponsive or offline during the window; triggered scans let agents scan and send data to Tenable Nessus Manager whenever the triggers occur, and Tenable Nessus Manager accepts and processes data from triggered scans at any time.
Find Triggered Scan Details
In addition to managing triggered scans from Tenable Nessus Manager, you can view triggered scan details by running the following command in the Tenable Agent nessuscli utility:
# nessuscli scan-triggers --list
The --list command returns the agent's triggered scan details. These details include:
- Scan name
- Status (for example, uploaded)
- Time of last activity (shown next to the status)
- Scan description
- Time of last policy modification
- Time of last run
- Scan trigger description
- Scan configuration template
For more information about the Tenable Agent nessuscli utility, see Nessuscli Agent.
You can also view your agent trigger information in the agent trigger directory:
Operating System | Location |
---|---|
Windows | C:\ProgramData\Tenable\Nessus Agent\nessus\triggers |
macOS | /Library/NessusAgent/run/var/nessus/triggers |
Linux | /opt/nessus_agent/var/nessus/triggers |