Install the Tenable On-Prem Connector
Prerequisites
Before installing the Tenable On-Prem connector, ensure the following requirements are met:
-
Within Tenable One, ensure you have a user with the appropriate permissions to manage third party connectors.
Tip: For more information on configuring user permissions, see Permissions in the Tenable Vulnerability Management User Guide.
-
Confirm your Tenable Core environment supports your intended use of the instance as described in System and License Requirements in the Tenable Core + Nessus User Guide.
-
Confirm your internet and port access supports your intended use of the instance as described in Access Requirements in the Tenable Core + Nessus User Guide.
-
Hardware Requirements:
| Requirement | Details |
| --- | --- |
| CPU | 4 2GHz cores |
| Memory | 4 GB RAM (8 GB RAM recommended) |
| Disk Space | 30 GB, not including space used by the host operating system |
-
Network Requirements:
| Port | Details |
| --- | --- |
| TCP 443 | Outbound communications to the appliance.cloud.tenable.com and sensor.cloud.tenable.com servers for system updates. |
| UDP 53 | Outbound DNS communications for Tenable Nessus, Tenable OT Security Enterprise Manager, and Tenable Core. The port must be open and pointing to your region-based server URL. Tip: You can find the region-based server URL on the Add Connector page when you create the Tenable On-Prem connector within Tenable Exposure Management. |
| TCP 8000 | Inbound access to the web interface. |
| TCP XXX | An internal network with access to the systems you want Tenable to assess. |
Installation
To deploy Tenable Core as a VMware virtual machine, you must download the Tenable Core .ova file and deploy it on a hypervisor.
To deploy Tenable Core as a VMware virtual machine:
-
Download the Tenable Core Nessus VMware Image file from the Tenable Downloads page.
-
Open your VMware virtual machine in the hypervisor.
-
Import the Tenable Core VMware .ova file from your computer to your virtual machine.
Tip: For information about how to import a .ova file to your virtual machine, see the VMware documentation.
-
In the setup prompt, configure the virtual machine to meet your organization's storage needs and requirements, and those described in System and License Requirements in the Tenable Core + Nessus User Guide.
-
Launch your Tenable Core instance.
The virtual machine boot process appears in a terminal window. The boot process may take several minutes to complete. When the virtual machine boot process finishes, the Tenable Core + Tenable Nessus deployment is complete.
Configuration
The Tenable On-Prem connector requires configuration to establish a connection with Tenable One. You typically generate a pairing key in the Tenable One user interface and then provide it to the gateway during setup.
To configure the Tenable On-Prem connector:
-
In Tenable Exposure Management, through the Connector Library, add a new Tenable On-Prem connector.
Tip: For more information on adding connectors within Tenable Exposure Management, see Manage Connectors in the Tenable Exposure Management User Guide.
The Add Connector page appears.
Tip: Here you can find your region-based server URL required for your network configuration.
-
In the On-Prem Name text box, type a descriptive name for the connector.
-
Copy and save the Pairing Key for later use.
-
Click Save.
You return to the Connector Library.
-
Follow the steps to Add a Connector for your desired connector type, for example, Rapid7.
-
From the On-Prem drop-down, select the Tenable On-Prem connector you previously configured.
-
Click Save.
Finalize the Connection
Lastly, you must link the connector to your Tenable Core on-premise installation.
To finalize the connection:
-
In your browser, navigate to the following URL, where tenable-ip is your Tenable IP address.
https://<tenable-ip>:8000
Your Tenable Core on-premise installation appears.
-
In the navigation menu, select Tenable One On-Prem Connector.
A prompt appears.
-
Paste the Pairing Key that you generated within Tenable Exposure Management.
-
Click Complete Pairing.
Note: In some instances, you may need to allow administrative access by clicking the button.
Upon successful establishment of communication via UDP port 51820, a new network interface named wg0 appears in the Connectors table. Additionally, you should see evidence of received packets.
Within the Connectors table, each connector is represented by an expandable entry detailing the internal IP address and port necessary for data acquisition.
Tip: If only transmitted data is visible and received data is absent, the UDP connection is not established and therefore requires further troubleshooting.
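The check described in the tip above can also be made from a shell by reading the packet counters for wg0. The following script is an added example, not Tenable code; it assumes shell access to the Tenable Core host and the standard Linux /proc/net/dev layout, and the function names and sample counters are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Tenable code. Assumes shell access to the Tenable Core
# host and the standard Linux /proc/net/dev layout (8 receive columns
# followed by 8 transmit columns per interface).

# tunnel_state IFACE [FILE]: prints missing | idle | tx-only | established.
# FILE defaults to /proc/net/dev; pass "-" to read from stdin.
tunnel_state() {
    awk -v ifc="$1" '
        NR <= 2 { next }              # skip the two header lines
        {
            sub(/:/, " ")             # handles "wg0:123" and "wg0: 123"
            if ($1 != ifc) next
            found = 1
            rx = $3 + 0               # received packets
            tx = $11 + 0              # transmitted packets
        }
        END {
            if (!found)      print "missing"      # interface not created yet
            else if (rx > 0) print "established"  # replies are arriving
            else if (tx > 0) print "tx-only"      # sending, nothing coming back
            else             print "idle"         # interface up, no traffic yet
        }' "${2:-/proc/net/dev}"
}

# Constructed sample: wg0 has sent 4 packets and received none, which is the
# state the tip describes (UDP connection not established).
sample_tx_only() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1234      12    0    0    0     0          0         0     1234      12    0    0    0     0       0          0
   wg0:       0       0    0    0    0     0          0         0      592       4    0    0    0     0       0          0
EOF
}

# Demonstration on the constructed sample.
# On the appliance itself, run: tunnel_state wg0
sample_tx_only | tunnel_state wg0 -
```

A result of tx-only after pairing corresponds to the case in the tip: packets leave on UDP port 51820 but no replies are received.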