Patch Management

Nessus can leverage credentials for patch management systems to perform patch auditing on systems for which credentials may not be available to the Nessus scanner. Nessus supports:

  • Dell KACE K1000

  • HCL BigFix

  • Microsoft System Center Configuration Manager (SCCM)

  • Microsoft Windows Server Update Services (WSUS)

  • Red Hat Satellite Server

  • Symantec Altiris

You can configure patch management options in the Credentials section while creating a scan, as described in Create a Scan.

IT administrators are expected to manage the patch monitoring software and install any agents required by the patch management system on their systems.

Note: If the credential check sees a system but is unable to authenticate against it, Nessus uses the data obtained from the patch management system to perform the check. If Nessus is able to connect to the target system, it performs checks on that system and ignores the patch management system output.

Note: The data returned to Nessus by the patch management system is only as current as the most recent data that the patch management system has obtained from its managed hosts.

Scanning with Multiple Patch Managers

If you provide multiple sets of credentials to Nessus for patch management tools, Nessus uses all of them.

If you provide credentials for a host and for one or more patch management systems, Nessus compares the findings between all methods and either reports on conflicts or provides a satisfied finding. Use the Patch Management Windows Auditing Conflicts plugins to highlight patch data differences between the host and a patch management system.
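
The precedence, staleness and conflict rules from the notes and the paragraph above can be modeled when reviewing exported results. The following is an added illustration, not Tenable's code or plugin logic; the patch IDs, manager names, the 7-day freshness threshold and the rule for merging several managers are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample values: the reference time and threshold are made up.
NOW = datetime(2024, 5, 1, 12, 0)
MAX_AGE = timedelta(days=7)  # assumed freshness threshold, not a Nessus setting


def reconcile(local_missing, manager_reports, now=NOW, max_age=MAX_AGE):
    """Model the precedence and conflict rules described above.

    local_missing   -- set of missing patch IDs from an authenticated host
                       check, or None when authentication to the host failed
    manager_reports -- {manager: (set of missing patch IDs, last check-in)}
    """
    # Patch manager data is only as current as the host's last check-in.
    stale = sorted(m for m, (_, seen) in manager_reports.items()
                   if now - seen > max_age)

    if local_missing is not None:
        # Host was reachable and authenticated: the local result is used.
        source, missing = "local", set(local_missing)
    elif manager_reports:
        # Fallback: host seen but not authenticated. Assumption: a patch
        # counts as missing if any configured manager reports it missing.
        source = "patch-manager"
        missing = set().union(*(r for r, _ in manager_reports.values()))
    else:
        return {"source": None, "missing": [], "conflicts": {}, "stale": []}

    # Conflicts: patches that some sources report missing and others do not.
    views = {m: r for m, (r, _) in manager_reports.items()}
    if local_missing is not None:
        views["local"] = set(local_missing)
    everything = set().union(*views.values())
    conflicts = {p: sorted(s for s, v in views.items() if p in v)
                 for p in sorted(everything)
                 if any(p not in v for v in views.values())}
    return {"source": source, "missing": sorted(missing),
            "conflicts": conflicts, "stale": stale}


if __name__ == "__main__":
    reports = {  # constructed sample data
        "wsus": ({"KB-0001", "KB-0002"}, datetime(2024, 4, 30, 9, 0)),
        "sccm": ({"KB-0001"}, datetime(2024, 4, 10, 9, 0)),  # stale check-in
    }
    print(reconcile({"KB-0001"}, reports))  # authenticated host check
    print(reconcile(None, reports))         # authentication failed
```

Each conflict entry lists the sources that report the patch as missing, so a patch flagged only by a stale manager can be triaged differently from one the host check itself reports.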