Link to Tenable Vulnerability Management

During initial installation, you can install Tenable Nessus as a remote scanner linked to Tenable Vulnerability Management. If you choose not to link the scanner during initial installation, you can link your Tenable Nessus scanner later. Once you link Tenable Nessus to Tenable Vulnerability Management, it remains linked until you unlink it.

Note: If you use domain allowlists for firewalls, Tenable recommends adding *.cloud.tenable.com (with the wildcard character) to the allowlist. This ensures communication with sensor.cloud.tenable.com, which the scanner uses to communicate with Tenable Vulnerability Management.

Note: If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.

Before you begin:

  • Configure Tenable Nessus as described in Configure Tenable Nessus.
  • If the Tenable Nessus scanner is or was previously linked to Tenable Vulnerability Management, Tenable Security Center, or Tenable Nessus Manager, you need to unlink the scanner or run the nessuscli fix --reset-all command (for more information, see Fix Commands).

  • View and copy the Tenable Nessus scanner linking key. You need the linking key for step 4 of the following process. You can find it in the following Tenable Vulnerability Management menu: Settings > Sensors > Linked Scanners > Add Nessus Scanner.

To link Tenable Nessus to Tenable Vulnerability Management from the Tenable Nessus user interface:

  1. On the Welcome to Nessus screen, select Link Nessus to another Tenable product.

  2. Click Continue.

    The Managed Scanner screen appears.

  3. From the Managed by drop-down box, select Tenable Vulnerability Management.

  4. In the Linking Key box, type the linking key of your Tenable Vulnerability Management instance.

    Note: You can find the Tenable Nessus scanner linking key in the Add Nessus Scanner menu of Tenable Vulnerability Management.

  5. Click Continue.

    The Create a user account screen appears.

  6. Create a Tenable Nessus administrator user account that you use to log in to Tenable Nessus:
    1. In the Username box, enter a username.

    2. In the Password box, enter a password for the user account.

      Note: Passwords cannot contain Unicode characters.

  7. Click Submit.

    Tenable Nessus finishes the configuration process, which may take several minutes.

  8. Using the administrator user account you created, Sign In to Tenable Nessus.

To link Tenable Nessus to Tenable Vulnerability Management from the command-line interface (CLI):

If you registered or linked Tenable Nessus previously, you need to reset Tenable Nessus before linking to Tenable Vulnerability Management.

Run the following commands to reset Tenable Nessus and link to Tenable Vulnerability Management based on your operating system. To retrieve the linking key needed in the following commands, see Link a Sensor in the Tenable Vulnerability Management User Guide.

Note: The --reset-all command used in the following steps removes any existing users, data, settings, and configurations. Tenable recommends exporting scan data and creating a backup before resetting. For more information, see Backing Up Tenable Nessus.
Note: When running the adduser command in the following steps, create the user as a full administrator/system administrator when prompted.
Note: You must have root permissions or greater to run the link commands successfully.

  1. Open the Linux CLI.

  2. Run the following commands in the listed order:

    # service nessusd stop
    # cd /opt/nessus/sbin
    # ./nessuscli fix --reset-all
    # ./nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      # /opt/nessus/sbin/nessuscli managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      # ./nessuscli managed link --key=<LINKING KEY> --cloud

      Tip: There are many scanner options that you can configure by adding optional parameters to the managed link command (for example, scanner name, custom CA path, and proxy server information). For more information, see Managed Scanner Commands.

  4. Run the following linking command:

    # service nessusd start

Note: You must have admin permissions to run the link commands successfully.

  1. Open the Windows CLI.

  2. Run the following commands in the listed order:

    net stop "tenable nessus"
    cd C:\Program Files\Tenable\Nessus
    nessuscli fix --reset-all
    nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      C:\Program Files\Tenable\Nessus\nessuscli.exe managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      nessuscli managed link --key=<LINKING KEY> --cloud

      Tip: There are many scanner options that you can configure by adding optional parameters to the managed link command (for example, scanner name, custom CA path, and proxy server information). For more information, see Managed Scanner Commands.

  4. Run the following command:

    net start "tenable nessus"
Note: You must have admin permissions to run the link commands successfully.

  1. Open Terminal.

  2. Run the following commands in the listed order:

    # launchctl unload -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist
    # /Library/Nessus/run/sbin/nessuscli fix --reset-all
    # /Library/Nessus/run/sbin/nessuscli adduser

  3. Do one of the following:

    • If you are linking to a Tenable Vulnerability Management FedRAMP site, run the following link command:

      # /Library/Nessus/run/sbin/nessuscli managed link --key=<key> --host=fedcloud.tenable.com --port=443

    • If you are not linking to a FedRAMP site, run the following link command:

      # /Library/Nessus/run/sbin/nessuscli managed link --key=<LINKING KEY> --cloud

      Tip: There are many scanner options that you can configure by adding optional parameters to the managed link command (for example, scanner name, custom CA path, and proxy server information). For more information, see Managed Scanner Commands.

  4. Run the following command:

    # launchctl load -w /Library/LaunchDaemons/com.tenablesecurity.nessusd.plist