Provisioning Nessus BYOL from the Microsoft Azure Marketplace

The Nessus BYOL is an instance of Nessus installed within Microsoft Azure that allows scanning of the Azure cloud environments and instances. Nessus BYOL capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.

Customers interested in leveraging Nessus BYOL to secure their environments and instances must first purchase a Nessus license either directly from the Tenable Store or from an authorized reseller. The license will provide an Activation Code to apply when provisioning Nessus from your Microsoft Azure account.

  1. To provision a Nessus BYOL instance, go to Microsoft Azure and log in.

  2. Click the green + to open the Azure Marketplace.

  3. Enter Tenable in the search box and the Tenable Nessus (BYOL) instance will appear below.

  4. Click Tenable Nessus (BYOL) to open the instance details. Choose an option under Select a deployment model and click Create to begin deployment of the Nessus BYOL virtual machine.

  5. Enter the configuration information on the Basics screen and click OK. Refer to the Nessus BYOL Scanner Basics table for details.

    Nessus BYOL Scanner Basics

    | Option | Description |
    |---|---|
    | Name | Descriptive name for the Nessus BYOL scanner. |
    | VM disk type | Select between SSD and HDD drives. |
    | User name | User account name used to access the Nessus BYOL scanner. |
    | Authentication type | Select SSH public key. |
    | SSH public key | Once generated, enter the SSH public key. |
    | Subscription | Select the subscription to which the virtual machine will be added. |
    | Resource group | Enter the name of a new Resource group or select an existing Resource group. |
    | Location | Select the geographical location for the virtual machine. |

  6. Once the Basics information is entered, instance sizes and pricing are displayed. Scroll down to view all of the available options. Choose a desired virtual machine size by clicking on one of the displayed options and clicking Select.

  7. On the Settings screen, enter the required information and click OK. Refer to the Nessus BYOL Scanner Settings table for details.

    Nessus BYOL Scanner Settings

    | Option | Description |
    |---|---|
    | Storage accounts | Create or select a storage account type and select Standard or Premium disk type. |
    | Network | Create or select a virtual network where the Nessus BYOL will reside. |
    | Subnet | Assign Nessus BYOL to a subnet in the virtual network. |
    | Public IP Address | Option to create a public IP address so that the Nessus BYOL virtual machine is accessible outside the virtual network. |
    | Network security group | Enables firewall rules to control traffic to and from the Nessus BYOL virtual machine. |
    | Extensions | Adds new features, like configuration management or anti-virus protection, to your virtual machine. |
    | High availability | Provides redundancy by grouping two or more virtual machines in an availability set. |
    | Monitoring | Enable system diagnostics and create a diagnostics storage account to analyze the results. |

  8. Offer details will display. Review, then click Purchase to buy the Nessus BYOL virtual machine you configured.

  9. If you are deploying the instance into an Azure Virtual Network, you must ensure that TCP port 8834 is reachable on an IP address associated with the instance. This is needed to complete the configuration process, as well as for the use of the product.

  10. Configure the instance and/or the Azure Virtual Network so that Nessus can communicate with Tenable servers; this is required for registration and plugin updates. If for some reason this is not possible, please refer to the User Guide regarding offline updates.

  11. Generally, you will connect to the public IP address (or external hostname) associated with an instance. If you are connecting to Nessus over a VPN to an Azure Virtual Network, it may be the private IP address. The IP addresses associated with the instance can be found under the virtual machine Settings.

  12. After the instance has initialized, open a browser and connect to the instance to complete the configuration. For example: https://<IP address or hostname>:8834

  13. The following welcome screen will be displayed:

To complete the configuration, please refer to the Nessus User Guide.
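
An added example, not part of Tenable's documentation: the Settings screen lets you attach a public IP address and a network security group, and the procedure requires TCP port 8834 to be reachable. This Python code evaluates NSG inbound rules in priority order to show which sources can reach port 8834. The rule dictionaries are constructed samples that use the field names of `az network nsg rule list` output, and every source address is assumed to lie outside the virtual network.

```python
import ipaddress

NESSUS_PORT = 8834  # Nessus web UI port named in the procedure above

def _port_match(spec, port):
    """True if an NSG port spec ('*', '8834', '8000-9000') covers port."""
    if spec == "*":
        return True
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def _src_match(prefix, ip):
    """'*' and the Internet tag match any outside address; other service
    tags are treated as non-matching (assumption: ip is outside the VNet)."""
    if prefix in ("*", "Internet"):
        return True
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False

def decide(rules, src_ip, port=NESSUS_PORT):
    """Return (access, rule_name) for inbound TCP from src_ip to port.
    NSG rules are evaluated in ascending priority; the first match wins."""
    inbound = [r for r in rules if r["direction"] == "Inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        ports = r.get("destinationPortRanges") or [r.get("destinationPortRange", "")]
        srcs = r.get("sourceAddressPrefixes") or [r.get("sourceAddressPrefix", "")]
        if (r["protocol"].lower() in ("tcp", "*")
                and any(p and _port_match(p, port) for p in ports)
                and any(s and _src_match(s, src_ip) for s in srcs)):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound (default)"

# Constructed sample rules (documentation address ranges, not real hosts).
OPEN = [{"name": "nessus-ui", "priority": 100, "direction": "Inbound",
         "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
         "destinationPortRange": "8834"}]
SCOPED = [dict(OPEN[0], sourceAddressPrefix="203.0.113.0/24"),
          {"name": "deny-rest", "priority": 200, "direction": "Inbound",
           "access": "Deny", "protocol": "*", "sourceAddressPrefix": "Internet",
           "destinationPortRange": "*"}]

if __name__ == "__main__":
    for label, rules in (("open", OPEN), ("scoped", SCOPED)):
        for src in ("203.0.113.10", "198.51.100.7"):
            print(label, src, decide(rules, src))
```

With the `OPEN` rule set any outside address reaches the Nessus login page, while `SCOPED` admits only the constructed administrative range 203.0.113.0/24.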

Note: Prior to scanning, you must request permission to conduct vulnerability and penetration testing on instances in the Microsoft Azure cloud environment. Please visit the following page to review the approval process and to submit a testing request:

Copyright 2017 - 2018 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc. Tenable,, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.