TOC & Recently Viewed

Recently Viewed Topics

Provisioning Nessus BYOL from the Microsoft Azure Marketplace

The Nessus BYOL is an instance of Nessus installed within Microsoft Azure that allows scanning of the Azure cloud environments and instances. Nessus BYOL capabilities include web application scanning and detection of vulnerabilities, compliance violations, misconfigurations, and malware.

Customers interested in leveraging Nessus BYOL to secure their environments and instances must first purchase a Nessus license either directly from the Tenable Store or from an authorized reseller. The license will provide an Activation Code to apply when provisioning Nessus from your Microsoft Azure account.

  1. To provision a Nessus BYOL instance, go to Microsoft Azure (https://manage.windowsazure.com) and log in.

  2. Click the green + (highlighted below) to open the Azure Marketplace.

  3. Enter Tenable in the search box (highlighted below) and the Tenable Nessus (BYOL) instance should appear below.

  4. Click Tenable Nessus (BYOL) to open the instance details. Choose an option under Select a deployment model and click Create to begin deployment of the Nessus BYOL virtual machine.

  5. Enter the configuration information on the Basics screen and click OK. Refer to Table 1 – Nessus BYOL Scanner Basics below for detailed information of each setting.

    Table 1 – Nessus BYOL Scanner Basics

    Option Description
    Name Descriptive name for the Nessus BYOL scanner
    VM disk type Select between SSD and HDD drives
    User name User account name used to access the Nessus BYOL scanner
    Authentication type Select SSH public key
    SSH public key Once generated, enter the SSH public key
    Subscription Select the subscription to which the virtual machine will be added
    Resource group Enter the name of a new Resource group or select an existing Resource group
    Location Select the geographical location for the virtual machine
  1. Once the“Basics information is entered, instance sizes and pricing is displayed. Scroll down to view all of the available options. Choose a desired virtual machine size by clicking on one of the displayed options and clicking Select (highlighted below).

  2. On the Settings screen, enter the following information and click OK”(highlighted below). Refer to Table -2 Nessus BYOL Scanner Settings below for details.

    Table 2 – Nessus BYOL Scanner Settings

    Option Description
    Storage accounts Create or select a storage account type and select Standard or Premium disk type
    Network Create or select a virtual network where the Nessus BYOL will reside
    Subnet Assign Nessus BYOL to a subnet in the virtual network
    Public IP Address Option to create a public IP address so that the Nessus BYOL virtual machine is accessible outside the virtual network
    Network security group Enables firewall rules to control traffic to and from the Nessus BYOL virtual machine
    Extensions Adds new features, like configuration management or anti-virus protection, to your virtual machine
    High availability Provides redundancy by grouping two or more virtual machines in an availability set
    Monitoring Enable system diagnostics and create a diagnostics storage account to analyze the results
  1. You are now presented with offer details. Review, then click Purchase to buy the Nessus BYOL virtual machine you have configured.

  2. If you are deploying the instance into an Azure Virtual Network, you must ensure you can reach TCP port 8834 on an IP address associated with the instance. This will be needed to complete the configuration process, as well as for the use of the product.

  3. Configure the instance and/or the Azure Virtual Network so that Nessus can communicate with Tenable servers; this is required for registration and plugin updates. If for some reason this is not possible, please refer to the Nessus User Guide regarding off-line updates.

  4. Generally, you will connect to the public IP address (or external hostname) associated with an instance. If you are connecting to Nessus over a VPN to an Azure Virtual Network, it may be the private IP address. The IP addresses associated with the instance can be found under the virtual machine Settings.

  5. After the instance has initialized, open a browser and connect to the instance to complete the configuration. For example: https://<IP address or hostname>:8834

  6. The following welcome screen will be displayed:


To complete the configuration, please refer to the Nessus User Guide.

Note: Prior to scanning, you must request permission to conduct vulnerability and penetration testing on instances in the Microsoft Azure cloud environment. Please visit the following page to review the approval process and to submit a testing request: https://security-forms.azure.com/penetration-testing/terms.

Copyright 2017 Tenable, Inc. All rights reserved. Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.  Tenable, Tenable.io, Assure, and The Cyber Exposure Company are trademarks of Tenable, Inc.  All other products or services are trademarks of their respective owners.