Business Units

Tenable Patch Management agents that are not in a business unit will not receive updates, much like how Tenable Nessus Agents that are not in an agent group will not receive scans. For proof of concept or demo purposes, a single business unit is sufficient. However, for production use, you should separate your systems logically. Workstations belong in a different business unit from servers, for example. Different business units will receive updates at different times.

One use case for business units is a group of systems that receive updates earlier than everything else. These systems may be in a lab or they may be production systems that have a low business criticality. By deploying updates to these systems first, if you have any problems, you can cancel those updates before they get deployed to other systems.

You can also use business units to define scopes for exceptions, when you don't want to deploy an update for whatever reason. Business units are an important concept to familiarize yourself with.

To create a business unit:

1. In the left menu, navigate to Business Units > Business Units > New.

2. Enter a name for the new business unit.

3. Scroll down to business unit scope.

   1. Click add devices.

   2. Select one or more agents.

4. Click Save to record the Business Unit configuration.