Sensor Proxies
The Sensor Proxies page contains a list of all Sensor Proxy instances linked to Tenable Security Center.
Sensor Proxy provides an on-premises cache and single point of traffic between Tenable Web App Scanning and Tenable Security Center. Sensors send communication to Sensor Proxy, not to Tenable Security Center directly. As a result, large numbers of sensors can communicate with Tenable Security Center with less bandwidth usage. For more information about Sensor Proxy, see the Tenable Sensor Proxy User Guide.
Note: If you migrate your Sensor Proxy, both the old and new Sensor Proxies will appear on the Sensor Proxies page in Tenable Security Center. After you migrate your Sensor Proxy, a Tenable Security Center administrator should delete the old Sensor Proxy instance from the Sensor Proxies page in Tenable Security Center.
To add a Sensor Proxy to Tenable Security Center:
1. Do one of the following:
   - If you have a server with Sensor Proxy version 1.1.0 or later:
     Skip to step 2.
   - If you have a server with Sensor Proxy version 1.0.11 or earlier:
     - Download the latest version of the Sensor Proxy RPM file from the Tenable Downloads site.
     - Run the following command with root privileges to upgrade your Sensor Proxy to the latest downloaded version:
       rpm -Uvh /tmp/SensorProxy-<version>.<build>.x86_64.rpm
       For example:
       rpm -Uvh /tmp/SensorProxy-1.1.0-00.el8.x86_64.rpm
       Tip: You can determine the Sensor Proxy version by running the /opt/sensor_proxy/sbin/sidecar -version command.
   - If you do not already have a server with Sensor Proxy:
     - Download the latest version of the Sensor Proxy RPM file from the Tenable Downloads site.
     - Copy the RPM file to /tmp in your prospective Sensor Proxy server. This server must be a separate server from your Tenable Security Center server.
     - Run the following command with root privileges:
       rpm -ivh /tmp/SensorProxy-<version>.<build>.x86_64.rpm
       For example:
       rpm -ivh /tmp/SensorProxy-1.1.0-00.el8.x86_64.rpm
2. Run the following command with root privileges on your Tenable Security Center server to copy the Tenable Security Center certificate to /root on your Sensor Proxy server:
   scp /opt/sc/data/CA/TenableCA.crt root@<ip_address_of_Sensor_Proxy_server>:/root
   Example output:
   [root@sc ~]# scp /opt/sc/data/CA/TenableCA.crt root@10.1.2.3:/root
   The authenticity of host '10.1.2.3 (10.1.2.3)' can't be established.
   ECDSA key fingerprint is SHA256:oarLiSLC4L+z8ts5/qAwhV9JYtqLNy8Eia1IBqh8gqo.
   Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
   Warning: Permanently added '10.1.2.3' (ECDSA) to the list of known hosts.
   ##############################################################################
   This system is restricted to authorized users only. Individuals attempting
   unauthorized access will be prosecuted. Continued access indicates
   your acceptance of this notice.
   ##############################################################################
   root@10.1.2.3's password:
   TenableCA.crt
3. Log in to Tenable Security Center as an administrator.
4. Navigate to Resources > Sensor Proxies.
5. Click + Add.
6. Copy the linking key.
7. Run the following command with root privileges on the Sensor Proxy server:
   /opt/sensor_proxy/sbin/configure -link -key=<linking_key> -host=<ip_address_of_Security_Center_server> -port=8837 -ca-path=/root/TenableCA.crt [-name=<Sensor_Proxy_name>]
   - Replace <linking_key> with the key you copied in step 6.
   - You can use the optional -name parameter to change the name of the Sensor Proxy listing in Tenable Security Center. If your custom name includes spaces, you must enclose the name in quotation marks.
     If you do not specify the -name parameter, the name of the Sensor Proxy appears as "Sensor Proxy" in Tenable Security Center. You can change it at a later time.
   For example:
   [root@sp ~]# /opt/sensor_proxy/sbin/configure -link -key=b421118229f81c38d1fbdb3bb94f9fdd08c5a27fe2e14de764b299697b686868 -host=10.1.2.3 -port=8837 -ca-path=/root/TenableCA.crt -name="SP 1"
   [info] [link] Linked successfully to 1.2.3.4:8837
   Note: If Sensor Proxy is unable to validate the Tenable Security Center server certificate, the command line shows errors instead of a successful link message.
8. Run the following command with root privileges to enable and start the Sensor Proxy service:
   # systemctl enable --now sensorproxy
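The file copied by scp is the CA certificate that the configure -link command is given through -ca-path, so confirming that it arrived intact and is not writable by other accounts is a useful check before linking. The following shell function is an added example, not part of the Tenable documentation or product; the function names check_ca_file and sha256_of are hypothetical, and it assumes GNU coreutils (sha256sum, stat -c) on the Sensor Proxy server.

```shell
#!/bin/sh
# Added example, not Tenable code. Assumes GNU coreutils (sha256sum, stat -c).

# Print the lowercase hex SHA-256 digest of a file.
sha256_of() {
    sha256sum "$1" | awk '{print $1}'
}

# check_ca_file FILE EXPECTED_SHA256
# Returns 0 if FILE matches the expected digest and has safe permissions, else:
#   2 = missing or unreadable, 3 = writable by group/other, 4 = digest mismatch
check_ca_file() {
    ca_file=$1
    # Accept the digest in either case, as pasted from the other server.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    if [ ! -f "$ca_file" ] || [ ! -r "$ca_file" ]; then
        echo "CA file missing or unreadable: $ca_file" >&2
        return 2
    fi

    # A trust anchor that other local accounts can rewrite can be swapped
    # after it was checked, so reject group- or world-writable modes.
    mode=$(stat -c '%a' "$ca_file") || return 2
    case "$mode" in
        *[2367]?|*[2367])
            echo "CA file mode $mode is group/world-writable: $ca_file" >&2
            return 3 ;;
    esac

    actual=$(sha256_of "$ca_file")
    if [ "$actual" != "$expected" ]; then
        echo "CA digest mismatch: expected $expected, got $actual" >&2
        return 4
    fi
    echo "CA file verified: $ca_file ($actual)"
}

# Usage (the digest placeholder is the sha256sum output for
# /opt/sc/data/CA/TenableCA.crt taken on the Tenable Security Center server):
#   check_ca_file /root/TenableCA.crt "<sha256_from_security_center>" || exit 1
```

Compare against a digest obtained over a channel other than the scp session itself, so that a substituted file and a substituted digest cannot arrive together.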
What to do next:
- Save the Sensor Proxy server certificate files in case you need to recover Sensor Proxy.