You are here: Features > Resources > Passive Vulnerability Scanners

Passive Vulnerability Scanners

Tenable’s Passive Vulnerability Scanner (PVS) is a patented network discovery and vulnerability analysis software solution, that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. The PVS monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network in time, the PVS behaves like a security motion detector on the network.

SecurityCenter communicates with PVS 4.0 or higher utilizing the XMLRPC protocol on port 8835 by default.

SecurityCenter will ask the PVS for the latest (if any) vulnerability report once every hour by default. The pull interval may be changed under the System Configuration page under the Update tab.

By default, SecurityCenter will check every 24 hours to see if any new passive vulnerability plugins have been downloaded from Tenable and will push them out to each PVS scanner. SecurityCenter must have a valid PVS Activation Code to retrieve plugin updates from Tenable and send plugin updates to the attached PVS scanners.

The screen capture below shows a listing of PVS scanners:

To configure one or more of Tenable’s PVS servers, under the “Resources” menu select “Passive Vulnerability Scanners”. This will produce a list of all configured PVS devices by name, their host, version, status, uptime, and the last time of the last retrieved report. Selecting the “Update Status” button from the Options menu will initiate a connection from SecurityCenter to obtain and refresh the status of the PVS scanners.

To add a scanner, click the “Add” button. Items with a star (*) next to them indicate information that is required that does not have a default setting. A screen capture of the “Add Scanner” dialog is shown below:

The table below provides details about the available options for adding a PVS scanner:




Descriptive name for the PVS scanner.


Scanner description, location, or purpose.


Hostname or IP address of the scanner.


TCP port that the PVS scanner listens on for communications from SecurityCenter. The default is port 8835.


A scanner may be marked as “Enabled” or “Disabled” within SecurityCenter to allow or prevent access to the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the PVS scanner.


Username generated during the PVS install for daemon to client communications. This must be an administrator user in order to send plugin updates to the PVS scanner. This field is only available if the Authentication Type is set to “Password”.


The login password must be entered in this field. This field is only available if the Authentication Type is set to “Password”.


This field is available if the Authentication Type is “SSL Certificate”. Select the “Browse” button, choose a SSL Certificate file to upload, and upload to the SecurityCenter.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the “Host” field matches the CommonName (CN) presented in the SSL certificate from the PVS server.

Use Proxy

Instructs SecurityCenter to use its configured proxy for communication with the scanner.


The repositories which this PVS scanner will save its data to. If PVS will be reporting IPv4 and IPv6 data, at least two repositories (one for IPv4 and one for IPv6 data) must be selected.

SecurityCenter will add all data collected by a PVS to the repository(s) that are configured for it. Therefore it is important for the PVS to restrict the data it is collecting to only the desired IP range(s). For example, if the attached PVS collects information on 1100 hosts and the SecurityCenter is licensed for only 1000 hosts, SecurityCenter will import all of the collected data and indicate that the host count has exceeded the licensed amount of hosts.

Copyright © 2016. Tenable Network Security, Inc. All rights reserved. Tenable Network Security and Nessus are registered trademarks of Tenable Network Security, Inc. SecurityCenter Continuous View, Passive Vulnerability Scanner, and Log Correlation Engine are trademarks of Tenable Network Security, Inc. All other products or services are trademarks of their respective owners.