Manage Nessus Scanners

Required Tenable Security Center User Role: Administrator

Administrators can view and manage Tenable Nessus scanner configurations from the Tenable Security Center user interface. For more information about Tenable Nessus scanners in Tenable Security Center, see Tenable Nessus Scanners.

View Your Tenable Nessus Scanners

To view a list of configured Tenable Nessus scanners:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources >Tenable Nessus Scanners.

    The Tenable Nessus Scanners page appears.

  3. View details about each Tenable Nessus scanner.

    • Name — The name for the scanner.

    • Features — Specifies whether the scanner is a Standard scanner or an Agent Capable scanner. Agent capable scanners provide Tenable Agent scan results to Tenable Security Center.

    • Status — The status of the scanner. For more information, see Tenable Nessus Scanner Statuses.

    • Host — The IP address or hostname of the scanner.

    • Version — The scanner's Tenable Nessus version.

    • Type — The type of scanner connection.

      Type

      Description

      Unknown

      Tenable Security Center could not identify the scanner.

      Nessus (Unmanaged Plugins)

      Tenable Security Center accesses the scanner using a Tenable Nessus user account with Standard permissions.

      Tenable Security Center cannot send plugin updates to the scanner or manage the scanner's activation code.

      Nessus (Managed Plugins)

      Tenable Security Center manages the scanner and authenticates via a Tenable Nessus user account.

      Tenable Security Center sends plugin updates to the scanner and manages the scanner's activation code.

      Tenable (Unmanaged Plugins)

      Tenable Security Center accesses the instance using a Tenable Vulnerability Management user account with Standard permissions.

      Tenable Security Center cannot send plugin updates to the instance or manage the instance's activation code.

    • Uptime — The value indicates the number of days or the amount of time the scanner has been active. This duration corresponds to the Nessus service (nessusd) process running time.

    • Last Modified — The date and time the scanner was last modified.

  4. To view details of a specific Tenable Nessus scanner, see View Details for a Tenable Nessus Scanner.

  5. To filter the scanners that appear on the page, apply a filter as described in Apply a Filter.

  6. To manually refresh the Status data, at the top of the table, click Update Status.

    Tenable Security Center refreshes the Status data.

View Details for a Tenable Nessus Scanner

To view details for a Tenable Nessus scanner:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources >Tenable Nessus Scanners.

    The Tenable Nessus Scanners page appears.

  3. Right-click the row for the scanner you want to view.

    The actions menu appears.

    -or-

    Select the check box for the scanner you want to view.

    The available actions appear at the top of the table.

  4. Click View.

    The View Tenable Nessus Scanner page appears.

    Section Action
    Options drop-down box
    General View general information about the scanner.
    Authentication View authentication information for the scanner.
    Active Scans View active scan information for the scanner.
    Agents

    View agent information for the scanner.

    • Agent Capable — Specifies whether the scanner is agent capable: Yes or No.
    • Organizations — If the scanner is agent capable, the organization configured for the scanner.
    • API Keys Set — If the scanner is agent capable, specifies whether API keys are configured for the scanner: Yes or No.
    Data summary

    View metadata and performance metrics for the scanner.

    Note:Tenable Security Center refreshes the load information every 15 minutes.
    Nessus Scanner Health

    If you are viewing details for a managed Tenable Nessus scanner running version 8.2.0 or later, view scanner health summary data:

    • Running Scans — The number of scans currently running on the scanner.
    • Hosts Being Scanned — The number of hosts currently being scanned by the scanner.
    • CPU Load — The percent of the total CPU currently in use by the scanner.
    • Total Memory — The total memory installed on the scanner.
    • Memory Used — The percent of the total memory currently in use by the scanner.
    • Total Disk Space — The total disk space installed on the scanner.
    • Disk Space Used — The percent of the total disk space currently in use by the scanner.
    • Last Updated — The date and time Tenable Security Center last updated the scanner data.

    Tenable Security Center refreshes the data when you load the View Nessus Scanner page. To force a manual refresh, click the refresh button.

View Tenable Nessus Instances in Tenable Security Center

Before you begin:

  • Enable Picture in Picture, as described in Enable Picture in Picture.

    Note: You cannot use Picture in Picture with a Tenable Nessus scanner if you enabled Use Proxy for the scanner or if the scanner's Authentication Type is SSL Certificate. For more information, see Tenable Nessus Scanner Settings.

To view Tenable Nessus instances inside the Tenable Security Center user interface:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources >Tenable Nessus Scanners.

    The Tenable Nessus Scanners page appears.

  3. Right-click the row for the Tenable Nessus scanner.

    The actions menu appears.

    -or-

    Select the check box for the Tenable Nessus scanner.

    The available actions appear at the top of the table.

  4. Click Manage System.

    The Tenable Nessus instance opens inside the Tenable Security Center user interface.

What to do next:

  • Manage your Tenable Nessus scanner configurations using the picture in picture window in Tenable Security Center. For more information about Tenable Nessus and Tenable Nessus settings, see the Tenable Nessus User Guide.

  • To exit the Picture in Picture view, in the upper-right corner, click Back.

Download Tenable Nessus Scanner Logs

You can download a log file for Tenable Nessus scanners managed by Tenable Security Center.

All Tenable Nessus scanner logs include:

  • Recent Tenable Nessus log data.

  • System information (operating system version, CPU statistics, available memory, available disk space, etc.).

  • Troubleshooting data.

If you include extended logs, the system also downloads recent Tenable Nessus web server log records, system log data, and network configuration information.

To download logs for a Tenable Nessus scanner:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources > Nessus Scanners.

    The Nessus Scanners page appears.

  3. Right-click the row for the scanner for which you want to download logs.

    The actions menu appears.

    -or-

    Select the check box for the scanner for which you want to download logs.

    The available actions appear at the top of the table.

  4. Click Download Logs.

    The Download Nessus Scanner Logs window appears.

  5. To include recent Tenable Nessus web server log records, system log data, and network configuration information, click to enable the Extended Logs toggle.

  6. To hide the first two octets of IPv4 addresses within the logs, click to enable the Sanitize IPs toggle.

  7. Click Download.

    Tenable Security Center downloads the tar.gz file in your browser.

    Tip: If you use 7-Zip to extract the tar.gz file, you may see the following error message: There are some data after the end of the payload data. You can safely ignore this error.

Edit a Tenable Nessus Scanner

To edit a Tenable Nessus scanner in Tenable Security Center:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources > Tenable Nessus Scanners.

    The Tenable Nessus Scanners page appears.

  3. Right-click the row for the scanner.

    The actions menu appears.

    -or-

    Select the check box for the scanner.

    The available actions appear at the top of the table.

  4. Click MoreEdit.

    The Edit Tenable Nessus Scanner page appears.

  5. Modify the scanner options. For more information about scanner options, see Tenable Nessus Scanners.

  6. Click Submit.

Delete a Tenable Nessus Scanner

You can delete a Tenable Nessus scanner to permanently remove it from the Tenable Security Center instance.

To delete a Tenable Nessus scanner:

  1. Log in to Tenable Security Center via the user interface.

  2. Click Resources > Nessus Scanners.

    The Nessus Scanners page appears.

  3. Select the scanner you want to delete:

    • To delete a single scanner:

      1. In the table, right-click the row for the scanner you want to delete.

        The actions menu appears.

      2. Click Delete.

    • To delete multiple scanners:

      1. In the table, select the check box for each scanner you want to delete.

        The available actions appear at the top of the table.

      2. At the top of the table, click MoreDelete.

    A confirmation window appears.

  4. Click Delete.

    Tenable Security Center deletes the scanner.