Configure Tenable NessusTenable Web App Scanning for Tenable Security Center Offline

Required Tenable Security Center User Role: Administrator

Note:If you already configured Tenable Nessus + Tenable Web App Scanning for Tenable Security Center offline, you only need to repeat steps 3-5.

Before you begin:

To configure Tenable NessusTenable Web App Scanning for Tenable Security Center offline:

  1. On a system with Docker installed that is connected to the internet, run the following commands:

    docker pull tenable/was-scanner:latest

    docker save tenable/was-scanner:latest > was-scanner-image.tar

  2. Transfer the was-scanner-image.tar file to the Tenable Nessus scanner you want to configure as a Tenable Web App Scanning scanner.

  3. Ensure the Tenable Nessus scanner host you’re configuring:

    1. Install and run Docker version 20.0.0 or later on your Tenable Nessus host. Tenable recommends the official Docker builds and install packages.

      Note: If your scanner is configured to connect through a proxy, ensure that you configure the proxy settings directly in Docker.

    2. Ensure you are running Tenable Nessus version 10.6.1 or later.

    3. Ensure Tenable Nessus meets the Hardware Requirements.

    4. Run docker load < was-scanner-image.tar.

    5. Ensure tenable/was-scanner is visible when you run docker image ls.

  4. Enable the Tenable Web App ScanningCapable option for the Tenable Nessus scanner in Tenable Security Center, as described in Tenable Nessus Scanners.

  5. Add a scan zone in Tenable Security Center, as described in Add a Scan Zone.

  6. Add a universal repository for the scan data in Tenable Security Center, as described in Add a Repository.

  7. Configure your Tenable Web App Scanning credentials, as described in Add Credentials.

  8. Create a Web App Scanning scan policy, as described in Add a Scan Policy.

  9. Add a web app scan in Tenable Security Center, as described in Add a Web App Scan.