Tenable Network Monitor Instances
Tenable Network Monitor is a patented network discovery and vulnerability analysis software solution that delivers real-time network profiling and monitoring for continuous, non-intrusive assessment of an organization’s security posture. Tenable Network Monitor monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a point-in-time snapshot of the network, Tenable Network Monitor behaves like a security motion detector on the network.
Tenable Security Center communicates with Tenable Network Monitor utilizing the XMLRPC protocol on port 8835 by default. For information about Tenable Security Center-Tenable Network Monitor communications encryption, see Encryption Strength.
Note: It is important for you to restrict the data Tenable Network Monitor collects to only the desired IP address ranges. For example, if your attached Tenable Network Monitor collects information on 1100 hosts and Tenable Security Center is licensed for 1000 hosts, Tenable Security Center imports all of the Tenable Network Monitor data and indicates that you exceeded your host count. For more information, see License Requirements.
By default, Tenable Security Center asks Tenable Network Monitor for the latest vulnerability report, if any, once every hour. You can change the pull interval on the System Configuration page, under the Update tab.
To fully configure passive scan data retrieval from Tenable Network Monitor:
- Configure Tenable Network Monitor, as described in Get Started in the Tenable Network Monitor User Guide.
- Add your Tenable Network Monitor license to Tenable Security Center, as described in Apply a New License.
- Add an IPv4, IPv6, or Universal repository for Tenable Network Monitor data in Tenable Security Center, as described in Add a Repository.
- Add a Tenable Network Monitor instance in Tenable Security Center, as described in Add a Tenable Network Monitor Instance.
- (Optional) Configure Tenable Network Monitor plugin import schedules, as described in Edit Plugin and Feed Settings and Schedules. By default, Tenable Security Center checks for new passive vulnerability plugins every 24 hours and pushes them to your attached Tenable Network Monitor instances.
What to do next:
- View vulnerability data filtered by your Tenable Network Monitor repository, as described in Vulnerability Analysis.
Considerations for Licensing
If you want Tenable Security Center to push plugin updates to Tenable Network Monitor, you must add the product activation code to Tenable Security Center. For more information, see Apply a New License.
For detailed information about plugins counted toward the Tenable Security Center license count, see License Requirements.
Considerations for Tenable Network Monitor Discovery Mode
Your Tenable Network Monitor instances can run in two modes: discovery mode disabled and discovery mode enabled. For more information, see NNM Settings in the Tenable Network Monitor User Guide.
If discovery mode is enabled on a Tenable Network Monitor instance, Tenable Security Center stores discovery mode asset data in Tenable Security Center repositories. Because discovery mode discovers only limited asset data, the repository data appears incomplete.
Tenable Security Center does not count IP addresses present only from Tenable Network Monitor instances in discovery mode toward your license count.
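A planning check for the note on restricting collected IP address ranges and for the discovery mode license rule above, added here as an example; it is not Tenable code. It assumes a hypothetical export of observed addresses as (IP address, reported by a discovery-mode instance) pairs; the function name, sample addresses, and licensed count of 8 are constructed, and actual license counting also follows the plugin rules in License Requirements.

```python
import ipaddress

# Constructed sample: (address, reported_by_discovery_mode_instance)
SAMPLE_OBSERVATIONS = [
    ("192.0.2.1", False), ("192.0.2.2", False), ("192.0.2.3", False),
    ("192.0.2.4", False), ("192.0.2.5", False), ("192.0.2.6", False),
    ("192.0.2.1", True),        # also seen by a discovery-mode instance
    ("198.51.100.10", False),   # outside the ranges we meant to monitor
    ("198.51.100.11", False),
    ("2001:db8::1", False),
    ("203.0.113.5", True),      # discovery mode only: not counted
]
SAMPLE_DESIRED_RANGES = ["192.0.2.0/24", "2001:db8::/32"]  # constructed
SAMPLE_LICENSED_HOSTS = 8                                   # constructed


def license_projection(observations, desired_ranges, licensed_hosts):
    """Estimate counted hosts before and after restricting monitored ranges.

    Simplified model (assumption): an address counts once if at least one
    instance that is NOT in discovery mode reported it.
    """
    nets = [ipaddress.ip_network(r) for r in desired_ranges]
    counted = {ipaddress.ip_address(ip)
               for ip, discovery_only in observations if not discovery_only}
    in_scope = {ip for ip in counted
                if any(ip.version == n.version and ip in n for n in nets)}
    # Sort by (version, integer value) so IPv4 and IPv6 can be mixed safely.
    stray = sorted(counted - in_scope, key=lambda a: (a.version, int(a)))
    return {
        "counted_now": len(counted),
        "counted_if_restricted": len(in_scope),
        "out_of_scope": [str(a) for a in stray],
        "exceeds_now": len(counted) > licensed_hosts,
        "exceeds_if_restricted": len(in_scope) > licensed_hosts,
    }


if __name__ == "__main__":
    result = license_projection(SAMPLE_OBSERVATIONS, SAMPLE_DESIRED_RANGES,
                                SAMPLE_LICENSED_HOSTS)
    for key, value in result.items():
        print(f"{key}: {value}")
```

The addresses listed under `out_of_scope` are the ones to exclude by tightening the ranges Tenable Network Monitor monitors.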