TOC & Recently Viewed

Recently Viewed Topics

User Profile Page

The User Profile page includes the following sections:

  • Account Settings
  • Change Password
  • Plugin Rules
  • API Keys

Tip: For instructions on performing the actions available on the User Profile page, see the related How To section of this guide.

Account Settings

The Account Settings section displays settings for the current authenticated user. Usernames cannot be changed. Based on your Nessus product, the following information appears in this section:



Username (email address)

Full Name


User Type

Nessus Manager


Full Name


User Type

Nessus Professional


User Type

Change Password

The Change Password section allows you to change your password. Users with administrative privileges can change other user passwords.

To change another user’s password, log in to Nessus as a user with administrative privileges, and select the button, and then navigate to the Users section of the Accounts page.

Plugin Rules

Plugin Rules allow you to hide or change the severity of any given plugin. In addition, rules can be limited to a specific host or specific time frame. From this page you can view, create, edit, and delete your rules.

The Plugin Rules section provides a facility to create a set of rules that dictate the behavior of certain plugins related to any scan performed. A rule can be based on the Host (or all hosts), Plugin ID, an optional Expiration Date, and manipulation of Severity.

This allows you to reprioritize the severity of plugin results to better account for your organization’s security posture and response plan.

API Keys

API Keys consist of an Access Key and a Secret Key, and are used to authenticate with the Nessus REST API (version 6.4 or greater) and passed with requests using the "X-ApiKeys" HTTP header.

Select the Generate button to create an Access Key and a Secret Key.


  • API Keys are only presented upon initial generation. Please store API Keys in a safe location, as they cannot be retrieved later.
  • API Keys cannot be retrieved by Nessus. If lost, an API Key must be regenerated.
  • Regenerating an API Key will immediately deauthorize any applications currently using the key.

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.