Tenable Network Monitor Instances

Tenable Network Monitor is a patented network discovery and vulnerability analysis solution. It provides real-time network profiling and continuous monitoring of your organization's security posture in a non-intrusive manner. Tenable Network Monitor monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. While an active scanner takes a snapshot of the network at a specific time, Tenable Network Monitor acts as a continuous security monitor on your network.

Tenable Security Center uses the XMLRPC protocol on port 8835 by default to communicate with Tenable Network Monitor. For more information about communication encryption, see Encryption Strength.

Note: You must restrict the data Tenable Network Monitor collects to your desired IP address ranges. For example, if your attached Tenable Network Monitor collects information on 1,100 hosts and your Tenable Security Center license is for 1,000 hosts, Tenable Security Center imports all Tenable Network Monitor data and indicates that you exceeded your host count. For more information, see License Requirements.

Tenable Security Center requests the latest vulnerability report from Tenable Network Monitor hourly by default. You can change the pull interval in your External Schedules Settings.

To fully configure passive scan data retrieval from Tenable Network Monitor:

  1. Configure Tenable Network Monitor, as described in Get Started in the Tenable Network Monitor User Guide.
  2. Add your Tenable Network Monitor license to Tenable Security Center, as described in Apply a New License.
  3. Add an IPv4, IPv6, or Universal repository for Tenable Network Monitor data in Tenable Security Center, as described in Add a Repository.
  4. Add a Tenable Network Monitor instance in Tenable Security Center, as described in Add a Tenable Network Monitor Instance.
  5. (Optional) Configure Tenable Network Monitor plugin import schedules, as described in Edit Plugin and Feed Settings and Schedules. By default, Tenable Security Center checks for new passive vulnerability plugins every 24 hours and pushes them to your attached Tenable Network Monitor instances.

What to do next:

  • View vulnerability data filtered by your Tenable Network Monitor repository, as described in Vulnerability Analysis.

Considerations for Licensing

If you want Tenable Security Center to push plugin updates to Tenable Network Monitor, you must add the product activation code to Tenable Security Center. For more information, see Apply a New License.

For detailed information about which plugins count toward your Tenable Security Center license, see License Requirements.

Considerations for Tenable Network Monitor Discovery Mode

You can run Tenable Network Monitor instances in two modes: discovery mode disabled or discovery mode enabled. For more information, see Tenable Network Monitor Settings in the Tenable Network Monitor User Guide.

If you enable discovery mode on a Tenable Network Monitor instance, Tenable Security Center stores discovery mode asset data in Tenable Security Center repositories. Because discovery mode only discovers limited asset data, the repository data may appear incomplete.

Tenable Security Center does not count IP addresses discovered solely by Tenable Network Monitor instances in discovery mode toward your license count.
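
The note on restricting collection to your desired IP address ranges and the discovery mode rule above can be checked before you attach an instance. The following is an added example, not Tenable code, and it calls no Tenable API. The function name, input format, and counting model are assumptions: each sighting is an (IP, seen-in-discovery-mode) pair, hosts outside the monitored ranges are treated as not collected, and hosts seen only in discovery mode are treated as not counted.

```python
import ipaddress

def licensed_host_estimate(observations, monitored_ranges, license_limit):
    """Estimate how many observed hosts would count toward the license.

    observations: iterable of (ip_string, discovery_mode) sightings.
    monitored_ranges: CIDR strings the instance is restricted to.
    Hypothetical planning helper; a simplified model of the rules on this page.
    """
    nets = [ipaddress.ip_network(r, strict=False) for r in monitored_ranges]
    seen = {}  # ip -> True while every sighting came from discovery mode
    for ip_text, discovery_mode in observations:
        ip = ipaddress.ip_address(ip_text)  # normalizes and deduplicates
        seen[ip] = seen.get(ip, True) and discovery_mode
    counted, discovery_only, out_of_scope = set(), set(), set()
    for ip, only_discovery in seen.items():
        if not any(ip.version == n.version and ip in n for n in nets):
            out_of_scope.add(ip)      # outside the restricted ranges
        elif only_discovery:
            discovery_only.add(ip)    # seen solely in discovery mode
        else:
            counted.add(ip)
    return {
        "counted": len(counted),
        "discovery_only": len(discovery_only),
        "out_of_scope": len(out_of_scope),
        "over_limit_by": max(0, len(counted) - license_limit),
    }

# Constructed sample sightings using documentation address ranges.
SAMPLE_OBSERVATIONS = [
    ("192.0.2.10", False),
    ("192.0.2.10", False),    # duplicate sighting, counted once
    ("192.0.2.11", True),     # discovery mode only
    ("192.0.2.12", True),
    ("192.0.2.12", False),    # also seen with discovery mode disabled
    ("198.51.100.7", False),  # outside the monitored ranges
    ("2001:db8::5", False),   # IPv6 host inside an IPv6 range
]
SAMPLE_RANGES = ["192.0.2.0/24", "2001:db8::/64"]

if __name__ == "__main__":
    print(licensed_host_estimate(SAMPLE_OBSERVATIONS, SAMPLE_RANGES, 2))
```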