General Considerations

The following are some common questions that you should answer before deploying Tenable Nessus Agents:

  • What operating system do you plan to deploy the Tenable Nessus Agent on?
    • Linux (Debian/RHEL/Fedora/Ubuntu)
    • Windows (Win 10, Win Server 2012/2016 R2)
    • OS X (10.8+)
  • How many Tenable Nessus Agents do you plan to deploy?
    • Fewer than 1,000
    • More than 1,000 and fewer than 5,000
    • More than 5,000 and fewer than 10,000
    • More than 10,000

    Note: In deployment scenarios with more than 10,000 agents you should consider optimizing performance with agent group sizing and scan staggering as discussed in Large-Scale Deployments.

  • What are the typical hardware specifications of the hosts where you want to install Tenable Nessus Agents? For example, consider disk space, disk type and speed, CPU, cores, and RAM.
  • Do any countermeasures on the host prevent egress communication from the Tenable Nessus Agent to Tenable Nessus Manager (DST: TCP/8834 [default, customizable])?
  • Do any countermeasures on the host prevent the agent process from executing?

    Note: See File and Process Allow List for a list of files and processes to allow per operating system.

  • How do you plan to deploy Tenable Nessus Agents across the enterprise? For example, do you want to use an enterprise deployment technology such as Active Directory, SMS, Microsoft SCCM, and/or Red Hat Satellite?
  • Do you want to deploy Tenable Nessus Agents to virtual or non-persistent systems? If so, consider adding the agent to your base device template. Tenable recommends that you review your organization's process for commissioning and decommissioning virtual/non-persistent hosts to ensure successful activation or deactivation of the Tenable Nessus Agents.
  • How do you plan to track the ratio of potentially deployable agent assets to actual assets with deployed agents?
  • How do you plan to track the health and status of the agent on the host? For example, you might want to monitor for condition x (where x is the status of the service or the registration status of the agent); if that condition is present, you might then trigger an action or notification.
  • What naming schema would best fit the infrastructure where deployed agents exist? It is important to plan how you would like to organize the breakdown of hosts running agents.
  • Do you plan to supplement agent-based scanning with traditional network scans? How do you plan to maintain vulnerability information across agent and network scans? How do you plan to manage multiple repositories?
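
The coverage-ratio and agent-health questions above can be answered by one reconciliation job. The following is an added example, not Tenable code: it compares an asset inventory with an agent status list, reports the deployed ratio per operating system, and raises an alert when condition x (service stopped or agent not linked) is present. The CSV column names and sample hosts are constructed assumptions, not a Tenable export format.

```python
import csv
import io

# Constructed sample data. Column names are hypothetical, not a Tenable export format.
INVENTORY_CSV = """hostname,os
web01,linux
web02,linux
db01,windows
db02,windows
mac01,macos
"""
AGENTS_CSV = """hostname,service_running,linked
web01,yes,yes
web02,no,yes
db01,yes,no
lab07,yes,yes
"""

def load(text):
    """Index CSV rows by lower-cased hostname."""
    return {row["hostname"].lower(): row for row in csv.DictReader(io.StringIO(text))}

def coverage_report(inventory_csv, agents_csv):
    inventory, agents = load(inventory_csv), load(agents_csv)
    deployed = inventory.keys() & agents.keys()
    by_os = {}  # os -> (deployable assets, assets with an agent)
    for host, row in inventory.items():
        total, have = by_os.get(row["os"], (0, 0))
        by_os[row["os"]] = (total + 1, have + (host in deployed))
    alerts = []  # "condition x": service stopped, or agent not linked to its manager
    for host in sorted(deployed):
        if agents[host]["service_running"] != "yes":
            alerts.append((host, "service not running"))
        elif agents[host]["linked"] != "yes":
            alerts.append((host, "agent not linked"))
    return {
        "ratio": len(deployed) / len(inventory) if inventory else 0.0,
        "by_os": by_os,
        "missing": sorted(inventory.keys() - agents.keys()),  # deployable, no agent
        "unknown": sorted(agents.keys() - inventory.keys()),  # agent, not in inventory
        "alerts": alerts,
    }

if __name__ == "__main__":
    for key, value in coverage_report(INVENTORY_CSV, AGENTS_CSV).items():
        print(f"{key}: {value}")
```

Hosts listed under `unknown` have an agent but no inventory record, which is worth checking against the decommissioning process for virtual or non-persistent systems.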