Add a Tenable Nessus Scanner

Required User Role: Administrator

For more information, see Tenable Nessus Scanners.

Note: Tenable Security Center cannot perform scans with or update plugins for scanners running unsupported versions of Tenable Nessus. For minimum Tenable Nessus scanner version requirements, see the Tenable Security Center Release Notes for your version.

Note:Tenable Security Center does not send plugins to linked Nessus Managers. Nessus Manager pulls plugins directly from Tenable's plugin sites. Therefore, to update plugin sets, Nessus Manager needs access to the internet and Tenable's plugin sites (for more information, see the Which Tenable sites should I allow? community article). If your Nessus Manager does not have internet access, you can manually update its version and plugins offline (for more information, see Manage Nessus Offline in the Nessus User Guide).

To add a Tenable Nessus scanner to Tenable Security Center:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Resources > Tenable Nessus Scanners.

    The Tenable Nessus Scanners page appears.

  3. At the top of the table, click Add.

    The Add Tenable Nessus Scanner page appears.

  4. Configure Tenable Nessus scanner options, as described in Tenable Nessus Scanners.

    1. In the Name box, type a name for the scanner.

    2. In the Description box, type a description for the scanner.

    3. In the Host box, type the hostname or IP address for the scanner.

    4. In the Port box, view the default (8834) and modify, if necessary.

    5. If you want to disable this scanner's connection to Tenable Security Center, click Enabled to disable the connection.

    6. If you want to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the Tenable Nessus scanner, click Verify Hostname to enable the toggle.

    7. If you want to use the proxy configured in Tenable Nessus for communication with the scanner, click Use Proxy to enable the toggle.

    8. In the Type drop-down box, select the authentication type.

    9. If you selected Password as the Type:

      1. In the Username box, type the username for the account generated during the Tenable Nessus installation for daemon-to-client client communications.

      2. In the Password box, type the password associated with the username you provided.

    10. If you selected SSL Certificate as the Type:

      1. Click Choose File to upload the nessuscert.pem file you want to use for authentication to the scanner. For more information, see Manual Tenable Nessus SSL Certificate Exchange.

      2. (Optional) If the private key that decrypts your SSL certificate is encrypted with a passphrase, in the Certificate Passphrase box, type the passphrase for the private key.

    11. Check the box for all active scan zones you want to use this scanner.

    12. If you want this scanner to provide Tenable Nessus Agent scan results to Tenable Security Center:

      1. Click Agent Capable to enable the toggle.

      2. Check the box for one or more Organizations that you want to grant access to import Tenable Nessus Agent data into Tenable Security Center.

      3. If you want to use secure API keys when importing agent scan data from Tenable Nessus scanners:

        1. Click API Keys to enable the toggle.

        2. In the Access Key box, type the access key.

        3. In the Secret Key box, type the secret key.

  5. Click Submit.

    Tenable Security Center saves your configuration.

What to do next:

  • Configure a scan zone, repository, and active scan objects, as described in Active Scans.