Agent Profiles

You can use agent profiles to apply a specific version to your linked agents via Tenable Nessus Manager. This can be helpful for testing; for example, you may want to schedule a testing period on a subset of your agents before upgrading all your agents to a new version. An agent profile allows you to apply a newer version to a subset of your agents for a limited time, and more broadly, allows you to upgrade and downgrade agents to different versions easily. You can only assign an agent to one profile.

Note: You cannot set agent profiles to versions earlier than 10.4.1. Agent profiles do not affect agents on versions earlier than 10.4.1.

Note: The agent profile version overrides the agent's Nessus Agent update plan setting. If you assign the agent a freeze window, the freeze window overrides both the Nessus Agent update plan and the agent profile. In this case, the agent remains on its current version and no software updates occur for that agent as long as the agent is assigned to the freeze window.

To manage agent profiles:

  1. In the top navigation bar, click Sensors.

    The Linked Agents page appears. By default, Linked Agents is selected in the left navigation menu and the Linked Agents tab is active.

  2. In the left navigation bar, click Agent Profiles.

    The Agent Profiles page appears.

Use the following procedures to manage your agent profiles:

Note: You cannot create an agent profile for an end-of-life (EOL) Tenable Nessus Agent version.

To create an agent profile:

  1. On the Agent Profiles page, click Add Agent Profile.

    The New Agent Profile page appears.

  2. Enter a Name for the agent profile.

  3. Select the agent profile's Version. This is the version that agents assigned to the profile are upgraded or downgraded to.

    You can set the agent profile to stay on the latest major version release (for example, 10.x) or the latest minor version release (for example, 10.4.x), or you can set the agent profile to a specific patch release (for example, 10.4.1).

    Note: Before a version can be applied to agents, the version package must be present in Tenable Nessus Manager's remote/agent_versions directory, which can be found in the following parent directories:

    • Linux — /opt/nessus/var/nessus

    • Windows — C:\ProgramData\Tenable\Nessus\nessus

    • macOS — /Library/Nessus/run/var/nessus

    You can download missing version packages by enabling the Enable Agent Updates setting or performing a manual software update.

  4. (Optional) Enter a Description for the agent profile.

  5. Click Add. Tenable Nessus Manager adds the new profile to the Agent Profiles page.

    Note: Unless you perform a manual software update, Tenable Nessus Manager does not download the packages for agents added to an agent profile until the next update interval. In turn, agents will not receive and apply those packages until their next update interval, which is every 24 hours by default. Therefore, it may take up to 48 hours to complete an agent profile version change.

    You can run the nessuscli fix --set auto_update_delay=1 command on Tenable Nessus Manager and a pilot group of agents to reduce the update interval to one hour, after which it may take up to two hours to complete an agent profile version change, providing there are no environmental issues.

You can link an agent to a profile by running the nessuscli agent link command and specifying the optional --profile-uuid argument. You can also link an agent to a profile during deployment by specifying the profile-uuid in the config.json file. Use the following procedure to view a profile's --profile-uuid.

To view an agent profile ID:

  1. On the Profiles page, click the agent profile that you want to view the ID of.

    The agent profile details page appears.

  2. In the Profile Details tab, the --profile-uuid is listed as UUID.

To edit an agent profile:

  1. On the Agent Profiles page, click in the row of the profile that you want to edit.

    The Edit Agent Profile window appears.

  2. Edit the agent profile name, version, and description as needed.

    Note: Before a version can be applied to agents, the version package must be present in Tenable Nessus Manager's remote/agent_versions directory, which can be found in the following parent directories:

    • Linux — /opt/nessus/var/nessus

    • Windows — C:\ProgramData\Tenable\Nessus\nessus

    • macOS — /Library/Nessus/run/var/nessus

    You can download missing version packages by enabling the Enable Agent Updates setting or performing a manual software update.

  3. Click Save.

    Tenable Nessus Manager saves your changes.

    Note: Unless you perform a manual software update, Tenable Nessus Manager does not download the packages for agents added to an agent profile until the next update interval. In turn, agents will not receive and apply those packages until their next update interval, which is every 24 hours by default. Therefore, it may take up to 48 hours to complete an agent profile version change.

    You can run the nessuscli fix --set auto_update_delay=1 command on Tenable Nessus Manager and a pilot group of agents to reduce the update interval to one hour, after which it may take up to two hours to complete an agent profile version change, providing there are no environmental issues.

Delete an agent profile if you no longer need the agent profile. You cannot undo an agent profile deletion.

To delete an agent profile:

  1. On the Agent Profiles page, click in the row of the profile that you want to delete.

    The Delete Agent Profile window appears.

  2. Click Delete to confirm the deletion.

    Tenable Nessus Manager deletes the agent profile and removes all the linked agents from the profile.

What to do next: