Tenable Nessus Network Monitor Instances

Tenable Nessus Network Monitor is a patented network discovery and vulnerability analysis software solution that delivers real-time network profiling and monitoring for continuous, non-intrusive assessment of an organization’s security posture. Tenable Nessus Network Monitor monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network in time, Tenable Nessus Network Monitor behaves like a security motion detector on the network.

Tenable Security Center communicates with Tenable Nessus Network Monitor using the XMLRPC protocol, on port 8835 by default. For information about encryption of communications between Tenable Security Center and Tenable Nessus Network Monitor, see Encryption Strength.

Note: It is important for you to restrict the data Tenable Nessus Network Monitor collects to only the desired IP address ranges. For example, if your attached Tenable Nessus Network Monitor collects information on 1100 hosts and Tenable Security Center is licensed for 1000 hosts, Tenable Security Center imports all of the Tenable Nessus Network Monitor data and indicates that you exceeded your host count. For more information, see License Requirements.

By default, Tenable Security Center asks Tenable Nessus Network Monitor for the latest vulnerability report, if any, once every hour. You can change the pull interval on the System Configuration page, under the Update tab.

To fully configure passive scan data retrieval from Tenable Nessus Network Monitor:

  1. Configure Tenable Nessus Network Monitor, as described in Get Started in the Tenable Nessus Network Monitor User Guide.
  2. Add your Tenable Nessus Network Monitor license to Tenable Security Center, as described in Apply a New License.
  3. Add an IPv4, IPv6, or Universal repository for Tenable Nessus Network Monitor data in Tenable Security Center, as described in Add a Repository.
  4. Add a Tenable Nessus Network Monitor instance in Tenable Security Center, as described in Add a Tenable Nessus Network Monitor Instance.
  5. (Optional) Configure Tenable Nessus Network Monitor plugin import schedules, as described in Edit Plugin and Feed Settings and Schedules. By default, Tenable Security Center checks for new passive vulnerability plugins every 24 hours and pushes them to your attached Tenable Nessus Network Monitor instances.

What to do next:

  • View vulnerability data filtered by your Tenable Nessus Network Monitor repository, as described in Vulnerability Analysis.

Considerations for Licensing

If you want Tenable Security Center to push plugin updates to Tenable Nessus Network Monitor, you must add the product activation code to Tenable Security Center. For more information, see Apply a New License.

For detailed information about plugins counted toward the Tenable Security Center license count, see License Requirements.

Considerations for Tenable Nessus Network Monitor Discovery Mode

Your Tenable Nessus Network Monitor instances can run in two modes: discovery mode disabled and discovery mode enabled. For more information, see NNM Settings in the Tenable Nessus Network Monitor User Guide.

If discovery mode is enabled on a Tenable Nessus Network Monitor instance, Tenable Security Center stores discovery mode asset data to Tenable Security Center repositories. Since discovery mode only discovers limited asset data, the repository data appears incomplete.

Tenable Security Center does not count IP addresses present only from Tenable Nessus Network Monitor instances in discovery mode toward your license count.