Advanced Settings

The Advanced Settings page allows you to manually configure agents. You can configure advanced settings from the Nessus Manager user interface, or from the agent command line interface. Nessus Agent validates your input values to ensure only valid configurations are allowed.

Tip: Customers with a large number of agents (10,000+) may want to configure the agent_merge_audit_trail, agent_merge_kb, agent_merge_journal_mode, and agent_merge_synchronous_setting settings. Modifying these settings can dramatically lower the amount of time it takes to merge agent scan results. Review the descriptions in the following table for suggested configurations.

Nessus Agent Advanced Settings

You can configure the following agent settings in the command line interface using the nessuscli utility.

Use the command # nessuscli fix --set setting=value. For more information, see Nessuscli Agent.

Name

Setting

Description

Default Valid Values
Always Validate SSL Server Certificates strict_certificate_validation

Always validate SSL server certificates, even during initial remote link (requires manager to use a trusted root CA).

no yes or no
Automatic Hostname Update update_hostname When enabled, when the hostname on the endpoint is modified the new hostname will be updated in the agent's manager. This feature is disabled by default to prevent custom agent names from being overridden. no yes or no
Disable Core Updates disable_core_updates When set to yes, the agent does not request automatic core updates. You can still upgrade software versions manually. The agent can still receive plugin updates. no yes or no

Nessus Agent Secure Settings

You can configure the following secure settings in the command line interface, using the nessuscli utility.

Use the command # nessuscli fix --secure --set setting=value. For more information, see Fix Secure Settings.

Caution: Tenable does not recommend changing undocumented --secure settings as it may result in an unsupported configuration.

Setting Description Valid Values
ignore_proxy

If enabled, the agent attempts a direct connection to the manager instead of using the set proxy, until it fails 10 times.

If disabled, the agent attempts to connect using the set proxy, until it fails three times.

This setting changes automatically, as described in Proxy Connection Fallback. You can also set this setting manually; however, if at any point the agent meets one of the conditions described in Proxy Connection Fallback, the agent automatically changes the setting.

yes or no

ms_proxy

When enabled, the a gent uses a proxy to connect to its manager. true or false
proxy The hostname or IP address of your proxy server. String

proxy_port

The port number of the proxy server. String
proxy_auth (Optional) If you want to use authentication to connect to the proxy, specify the authentication scheme. basic, digest, ntlm, or auto
proxy_username If using authentication to connect to the proxy, the name of a user account that has permissions to access and use the proxy server. String. If there are spaces, use quotes (").
proxy_password If authenticating with the proxy, password associated with the username. String

Nessus Manager Advanced Settings

You can configure the following settings in Nessus Manager, under the Agents & Scanners section. For more information, see Advanced Settings in the Nessus User Guide.

Name

Setting

Description

Default Valid Values
Agents Progress agents_progress_viewable When a scan gathers information from agents, Nessus Manager does not show detailed agents information if the number of agents exceeds this setting. Instead, a message indicates that results are being gathered and will be viewable when the scan is complete. 100

Integers.

If set to 0, this defaults to 100.

Automatically Download Agent Updates agent_updates_from_feed

When enabled, new Nessus Agent software updates are automatically downloaded.

yes yes or no
Concurrent Agent Software Updates cloud.manage.download_max The maximum concurrent agent update downloads. 10 Integers
Include Audit Trail Data agent_merge_audit_trail

Controls whether or not agent scan result audit trail data is included in the main agent database. Excluding audit trail data can significantly improve agent result processing performance.

Available in Nessus 8.3 and later.

false true or false
Include KB Data agent_merge_kb

Includes the agent scan result KB data in the main agent database. Excluding KB data can significantly improve agent result processing performance.

Available in Nessus 8.3 and later.

false true or false
Result Processing Journal Mode agent_merge_journal_mode

Sets the journaling mode to use when processing agent results. Depending on the environment, this can somewhat improve processing performance, but also introduces a small risk of a corrupted scan result in the event of a crash. For more details, refer to the sqlite3 documentation.

Available in Nessus 8.3 and later.

DELETE

MEMORY

TRUNCATE

DELETE

Result Processing Sync Mode agent_merge_synchronous_setting

Sets the filesystem sync mode to use when processing agent results. Turning this off will significantly improve processing performance, but also introduces a small risk of a corrupted scan result in the event of a crash. For more details, refer to the sqlite3 documentation.

Available in Nessus 8.3 and later.

FULL

OFF

NORMAL

FULL

Track Unique Agents track_unique_agents When enabled, Nessus Manager checks if MAC addresses of agents trying to link match MAC addresses of currently linked agents with the same hostname, platform, and distro. Nessus Manager deletes duplicates that it finds. no yes or no