Sensor Proxies

The Sensor Proxies page contains a list of all Sensor Proxy instances linked to Tenable Security Center.

Sensor Proxy provides an on-premises cache and single point of traffic between Tenable Web App Scanning and Tenable Security Center. Sensors send communication to Sensor Proxy, not to Tenable Security Center directly. As a result, large numbers of sensors can communicate with Tenable Security Center with less bandwidth usage. For more information about Sensor Proxy, see the Tenable Sensor Proxy User Guide.

Note: If you migrate your Sensor Proxy, both the old and new Sensor Proxies will appear on the Sensor Proxies page in Tenable Security Center. After you migrate your Sensor Proxy, a Tenable Security Center administrator should delete the old Sensor Proxy instance from the Sensor Proxies page in Tenable Security Center

To add a Sensor Proxy to Tenable Security Center:

  1. Do one of the following:

  2. Run the following command with root privileges on your Tenable Security Center server to copy the Tenable Security Center certificate to /root on your Sensor Proxy server:

    Copy
    scp /opt/sc/data/CA/TenableCA.crt root@<ip_address_of_Sensor_Proxy_server>:/root

    Example output:

    [root@sc ~]# scp /opt/sc/data/CA/TenableCA.crt [email protected]:/root

    The authenticity of host '10.1.2.3 (10.1.2.3)' can't be established.

    ECDSA key fingerprint is SHA256:oarLiSLC4L+z8ts5/qAwhV9JYtqLNy8Eia1IBqh8gqo.

    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes

    Warning: Permanently added '10.1.2.3' (ECDSA) to the list of known hosts.

    ##############################################################################

    This system is restricted to authorized users only. Individuals attempting

    unauthorized access will be prosecuted. Continued access indicates

    your acceptance of this notice.

    ##############################################################################

    [email protected]'s password:

    TenableCA.crt

  3. Log in to Tenable Security Center as an administrator.

  4. Navigate to Resources > Sensor Proxies.

  5. Click + Add.

  6. Copy the linking key.

  7. Run the following command with root privileges on the Sensor Proxy server.

    Copy
    /opt/sensor_proxy/sbin/configure -link -key=<linking_key> -host=<ip_address_of_Security_Center_server> -port=8837 -ca-path=/root/TenableCA.crt [-name=<Sensor_Proxy_name>]
    • Replace <linking_key> with the key you copied in step 6.

    • You can use the optional -name parameter to change the name of the Sensor Proxy listing in Tenable Security Center. If your custom name includes spaces, you must enclose the name in quotation marks.

      If you do not specify the -name parameter, the name of the Sensor Proxy appears as "Sensor Proxy" in Tenable Security Center. You can change it at a later time.

    For example:

    [root@sp ~]# /opt/sensor_proxy/sbin/configure -link -key=b421118229f81c38d1fbdb3bb94f9fdd08c5a27fe2e14de764b299697b686868 -host=10.1.2.3 -port=8837 -ca-path=/root/TenableCA.crt -name="SP 1"

    [info] [link] Linked successfully to 1.2.3.4:8837

    Note: If Sensor Proxy is unable to validate the Tenable Security Center server certificate, the command line shows errors instead of a successful link message.

  8. Run the following command with root privileges to enable and start the Sensor Proxy service:

    Copy
    # systemctl enable --now sensorproxy

What to do next: