Perform an Offline Tenable Web App Scanning Plugins Update

Required Tenable Security Center User Role: Administrator

Note: If you have already updated Tenable Nessus plugins offline, or if you have updated plugins via the Tenable Security Center feed, skip to step 8.

Before you begin:

  • If you installed Tenable Security Center in an environment other than Tenable Core, install a temporary Tenable Nessus scanner on the same host as Tenable Security Center. You will use this temporary Tenable Nessus scanner to generate a challenge code for offline Tenable Security Center registration. Do not start or otherwise configure the temporary Tenable Nessus scanner.

  • Ensure that you are running Tenable Security Center 6.2 or later.

  • Ensure that you have a Tenable Web App Scanning license to use with Tenable Security Center

To perform an offline Tenable Security Center feed update:

  1. In the command line interface (CLI), run the following command to prevent the Tenable Nessus scanner from starting automatically upon restarting the system:

    /usr/bin/systemctl disable nessusd

  2. To obtain the challenge code for an offline Tenable Security Center registration, do one of the following:

    • If you deployed Tenable Security Center + Tenable Core, in Tenable Core, click the Tenable Security Center tab and save the challenge code.

    • If you installed Tenable Security Center in an environment other than Tenable Core, run the following command and save the challenge code:

      # /opt/nessus/sbin/nessuscli fetch --challenge

  3. In your browser, navigate to https://plugins-customers.nessus.org/offline.php.

  4. Paste the challenge code from Step 2 and your Activation Code in the corresponding boxes.

  5. Click Submit.

  6. On the next page, copy the link that starts with https://plugins.nessus.org/get.php... and save it as a favorite.

  7. In the saved link, change all-2.0.tar.gz to sc-was-plugins.tar.gz and change /get.php to /v2/wasnessus.php. The link should look like this: https://plugins.nessus.org/v2/wasnessus.php?f=sc-was-plugins.tar.gz… This link is needed for future use; save it in a secure location.

  8. Go to the favorite link you created.

    The page prompts you to download the sc-was-plugins.tar.gz file.

  9. Save the sc-was-plugins.tar.gz on the system used to access your Tenable Security Center UI.

  10. Log in to Tenable Security Center via the UI.

  11. Click System > Configuration.

    The Configuration page appears.

  12. Click Plugins/Feed.

    The Plugins/Feed Configuration page appears.

  13. In the Schedules section, expand the WAS Plugins options.

  14. Click Choose File and browse to the saved sc-was-plugins.tar.gz file.

  15. Click Submit.

    After several minutes, the plugin update finishes and the page updates the Last Updated date and time.

What to do next:

  • If you installed a temporary Tenable Nessus scanner on the same host as Tenable Security Center, uninstall the Tenable Nessus scanner.

  • Update the was-scanner Docker image on your Tenable Nessus scanners. When updating offline Tenable Web App Scanning plugins, always update the was-scanner Docker image and vice-versa.