Credentials Configuration

Note: You do not need to configure credentials for Tenable Nessus Agent scans. Tenable Nessus Agents already have the access needed for local security checks because they are installed directly on the asset.

The scan's Credentials configuration determines what credentials the Nessus scanners have for scanning your organization's assets. Giving your Nessus scanners credentials (referred to as credentialed scanning) allows you to scan a large network while also scanning for local exposures that require further credentials to access. You can assign credentials to your scanners at three different levels: individual scans, scan templates, and at the global Tenable Vulnerability Management-level, known as managed credentials.

In general, giving your scanners more credentials allows them to authenticate more assets, but this ultimately depends on the scan targets and your environment. However, the scan may take longer to complete.

Fully credentialed scans may take longer to complete. However, this depends on other scan configurations and the targets being assessed. In general, fully credentialed scans are preferred, as they create less network overhead and up to ten times more information is returned to help with risk identification and prioritization.

Credentials need to have proper privileges to work (for more information, see Nessus Credentialed Checks in the Nessus User Guide). You may also want to provide additional security controls for credential management (for more information, see the How to Protect Scanning Credentials: Overview blog article).

For more information about scan credential settings, see Credentials in Vulnerability Management Scans.