Add an Agent Scan

Required Tenable Security Center User Role: Organizational user with appropriate permissions. For more information, see User Roles.

You can create agent scans in Tenable Security Center using the Advanced Agent Scan template. For more information, see Scan Policy Templates.

For more information, see Agent Scans and Agent Scan Settings.

Note: If you are scanning a Linux machine with Tenable Security Center, the Linux machine's shell configuration file must have a PS1 variable of four or more characters (for example, PS1='\u@\h:~\$ '). Having a PS1 variable of less than four characters (for example, PS1='\$ ') can drastically increase the overall scan time.

Before you begin:

  • Confirm you understand the complete agent scanning configuration process, as described in Agent Scanning.

  • (Optional) Configure an Advanced Agent Scan policy template, as described in Add a Scan Policy.

To add an agent scan:

  1. Log in to Tenable Security Center via the user interface.

  2. In the left navigation, click Scans > Agent Scans.

    The Agent Scans page appears.

  3. At the top of the table, click Add.

    The Add Agent Scan page appears.

  4. Click General.

  5. Type a Name for the scan.

  6. (Optional) Type a Description for the scan.

  7. (Optional) To reference an Advanced Agent Scan policy in the scan:

    1. Click Custom Policy to enable the toggle.

    2. In the Policy drop-down menu, select the Advanced Agent Scan policy.

  8. Select an Agent Scanner.

  9. Select one or more Agent Groups.

  10. Select a Scan Type:

    Scan Type: Scan Window

    A Scan Window is the duration of time that an agent has from the scheduled scan start time to receive the scan job, run the scan, and upload the results. If you select this scan type, the following options appear:

    • Scan Window - Specify the amount of time Tenable Security Center waits before fetching the results of the agent scan: 15 minutes, 30 minutes, 1 hour, 3 hours, 6 hours, 12 hours, or 1 day.

      If Tenable Security Center fetches results for the scan before the scan completes, Tenable Security Center displays the results available at the time the scan window expired. The agent scan continues to run in Tenable Vulnerability Management or Tenable Nessus Manager during the scan window specified in Tenable Vulnerability Management or Tenable Nessus Manager, even if the scan window in Tenable Security Center expires.

      Note: To view complete agent scan result data in Tenable Security Center, Tenable recommends setting a Scan Window value that allows your agent scans to complete before Tenable Security Center fetches the results.

    • Schedule - Specify the frequency you want Tenable Security Center to fetch agent scan results: Now, Remediation, Once, Daily, Weekly, Monthly, or On Demand.

      Note: If you schedule your scan to repeat monthly, Tenable recommends setting a start date no later than the 28th day. If you select a start date that does not exist in some months (e.g., the 29th), Tenable Security Center cannot run the scan on those days.

      Tip: Retrieve agent scan results as close to the scan's completion time as possible, so that Tenable Security Center displays the time at which the scan discovered each vulnerability as accurately as possible.

    Scan Type: Triggered

    A Triggered scan configuration allows the agent or agent group to launch the scan without user intervention. If you select this scan type, the following options appear:

    • Interval - Enable this option to trigger the scan at a set time interval, in days or hours.

    • Filename - Enable this option to trigger the scan when a file with a specific file name is added to the agent trigger directory. The trigger file disappears after the scan begins. The agent trigger directory location varies by operating system:

      Operating System   Location
      Windows            C:\ProgramData\Tenable\Nessus Agent\nessus\triggers
      macOS              /Library/NessusAgent/run/var/nessus/triggers
      Linux              /opt/nessus_agent/var/nessus/triggers

    If you enable both the Interval and Filename options, the agent checks the triggers in order: if the first trigger does not launch the scan, the agent checks the second trigger.

    Note: Agents perform triggered scans automatically, and do not require an admin to launch or schedule them to launch at a particular time. Triggered scans also do not generate a scan DB or UUID.

    Note: After you create a triggered agent scan, a background agent synchronization job begins. This agent synchronization job downloads triggered agent scan results and imports them into the repository selected for the triggered agent scan. When the last triggered agent scan for that scanner is deleted, the background agent synchronization job is deleted. This agent synchronization job does not appear on the Agent Synchronization Jobs page.

  11. Click Settings.

  12. Select an Import Repository for the scan.

  13. (Optional) Click Post Scan. The Post Scan section does not appear if the agent scan type is Triggered.

    • If you want to configure automatic report generation, click Add Report. For more information, see Add a Report to a Scan.

  14. Click Submit.

    Tenable Security Center saves your configuration.
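The Filename trigger described under the Triggered scan type can be driven from a script. The following added example is not Tenable's code: it resolves the documented trigger directory for Linux or macOS, creates the trigger file, and waits for the agent to remove it, which the documentation says happens once the scan begins. The function names, the timeout argument and the return codes are assumptions; the directory paths are the ones listed above.

```shell
#!/bin/sh
# Added example, not Tenable's code: drive the Filename trigger of a
# Triggered agent scan from a script. Directory paths are the documented
# ones; function names, arguments and return codes are assumptions.

# Print the documented trigger directory for this host's OS.
# (Windows uses C:\ProgramData\Tenable\Nessus Agent\nessus\triggers and
# would be scripted from PowerShell instead.)
agent_trigger_dir() {
  case "$(uname -s)" in
    Linux)  echo "/opt/nessus_agent/var/nessus/triggers" ;;
    Darwin) echo "/Library/NessusAgent/run/var/nessus/triggers" ;;
    *)      return 1 ;;
  esac
}

# trigger_agent_scan NAME DIR [TIMEOUT_SECONDS]
# Creates DIR/NAME, where NAME is the file name configured in the scan's
# Filename option, then polls until the agent removes the file, which the
# documentation says happens once the scan begins.
# Returns 0 if the trigger was consumed, 1 if it is still present after
# TIMEOUT_SECONDS (agent not running or not linked), 2 if DIR is missing
# or not writable.
trigger_agent_scan() {
  name=$1; dir=$2; timeout=${3:-60}
  [ -d "$dir" ] || return 2
  : > "$dir/$name" || return 2
  waited=0
  while [ -e "$dir/$name" ]; do
    [ "$waited" -lt "$timeout" ] || return 1
    sleep 1
    waited=$((waited + 1))
  done
  return 0
}

# Usage: sh trigger.sh --run scan-now.trigger
# (needs write access to the trigger directory)
if [ "${1:-}" = "--run" ]; then
  dir=$(agent_trigger_dir) || { echo "unsupported OS" >&2; exit 2; }
  trigger_agent_scan "${2:-scan-now.trigger}" "$dir" 120
  echo "trigger_agent_scan exit status: $?"
fi
```

A return code of 1 after a generous timeout is the signal to check that the agent service is running and linked to the scanner the scan references, before assuming the trigger file name is wrong.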

What to do next: