Tenable Nessus Network Monitor Instances

Tenable Nessus Network Monitor is a patented network discovery and vulnerability analysis software solution that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. Tenable Nessus Network Monitor monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network at a point in time, Tenable Nessus Network Monitor behaves like a security motion detector on the network.

Tenable.sc communicates with Tenable Nessus Network Monitor using the XMLRPC protocol on port 8835 by default. For information about Tenable.sc-Nessus Network Monitor communications encryption, see Encryption Strength.

Note: It is important for you to restrict the data Tenable Nessus Network Monitor collects to only the desired IP address ranges. For example, if your attached Tenable Nessus Network Monitor collects information on 1100 hosts and Tenable.sc is licensed for 1000 hosts, Tenable.sc imports all of the Nessus Network Monitor data and indicates that you exceeded your host count. For more information, see License Requirements.

Tenable.sc asks Tenable Nessus Network Monitor for the latest vulnerability report (if any) once every hour by default. You can change the pull interval on the System Configuration page, under the Update tab.

To fully configure passive scan data retrieval from Nessus Network Monitor:

  1. Configure Nessus Network Monitor, as described in Get Started in the Tenable Nessus Network Monitor User Guide.
  2. Add your Nessus Network Monitor license to Tenable.sc, as described in Apply a New License.
  3. Add an IPv4 or IPv6 repository for Nessus Network Monitor data in Tenable.sc, as described in Add a Repository.
  4. Add a Nessus Network Monitor instance in Tenable.sc, as described in Add a Nessus Network Monitor Instance.
  5. (Optional) Configure Nessus Network Monitor plugin import schedules, as described in Edit Plugin and Feed Settings and Schedules. By default, Tenable.sc checks for new passive vulnerability plugins every 24 hours and pushes them to your attached Tenable Nessus Network Monitor instances.

What to do next:

  • View vulnerability data filtered by your Nessus Network Monitor repository, as described in Vulnerability Analysis.

Considerations for Licensing

If you want Tenable.sc to push plugin updates to Nessus Network Monitor, you must add the product activation code to Tenable.sc. For more information, see Apply a New License.

For detailed information about plugins counted toward the Tenable.sc license count, see License Requirements.

Considerations for Nessus Network Monitor Discovery Mode

Your Nessus Network Monitor instances can run in two modes: discovery mode disabled and discovery mode enabled. For more information, see NNM Settings in the Tenable Nessus Network Monitor User Guide.

If discovery mode is enabled on a Nessus Network Monitor instance, Tenable.sc stores discovery mode asset data to Tenable.sc repositories. Since discovery mode only discovers limited asset data, the repository data appears incomplete.

Tenable.sc does not count IP addresses present only from Nessus Network Monitor instances in discovery mode toward your license count.