Tenable Nessus Scanners
In the Tenable Security Center framework, the Tenable Nessus scanner behaves as a server, while Tenable Security Center serves as a client that schedules and initiates scans, retrieves results, reports results, and performs a wide variety of other important functions.
If your deployment includes Tenable Security Center Director, you can use it to manage the Tenable Nessus scanners on your managed Tenable Security Center instances.
You can add managed or unmanaged Tenable Nessus deployments to Tenable Security Center as Tenable Nessus scanners in Tenable Security Center.
Note: Tenable Security Center cannot perform scans with or update plugins for scanners running unsupported versions of Tenable Nessus. For minimum Tenable Nessus scanner version requirements, see the Tenable Security Center Release Notes for your version.
For more information, see:
- Add a Tenable Nessus Scanner
- Manage Nessus Scanners
- View Your Nessus Scanners
- View Details for a Nessus Scanner
- Delete a Nessus Scanner
For information about Tenable Security Center-Tenable Nessus communications encryption, see Encryption Strength.
Tenable Nessus Scanner Settings
Option |
Description |
---|---|
General | |
Tenable Security Center Instance | The name of the managed Tenable Security Center instance where you configured the Tenable Nessus scanner. |
Name |
A descriptive name for the scanner. |
Description |
A scanner description, location, or purpose. |
Host |
The hostname or IP address of the scanner. |
Port |
The TCP port that the scanner listens on for communications from Tenable Security Center. The default is port 8834. |
Enabled |
A scanner may be Enabled or Disabled within Tenable Security Center to allow or prevent access to the scanner. |
Verify Hostname |
Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the Nessus server. Note: Confirm that the correct CA certificate is configured for use by Tenable Security Center. If you are using a custom CA, configure Tenable Security Center to trust your custom CA, as described in Trust a Custom CA. You do not need to perform this step when using the default certificates for Tenable Nessus servers. |
Use Proxy |
Instructs Tenable Security Center to use its configured proxy for communication with the scanner. |
Authentication | |
Type |
Select Password, SSL Certificate, or API Keys for the authentication type to connect to the scanner. For complete information about Tenable Nessus SSL certificate authentication, see Manual Nessus SSL Certificate Exchange. |
Username |
Username generated during the install for daemon to client communications. This must be an administrator user in order to send plugin updates to the scanner. If the scanner is updated by a different method, such as through another Tenable Security Center, a standard user account may be used to perform scans. This option is only available if the Authentication Type is set to Password. |
Password |
The login password must be entered in this option. This option is only available if the Authentication Type is set to Password. |
Certificate |
If you set Authentication Type to SSL Certificate, specifies the nessuscert.pem file you want to use for authentication to the scanner. For complete information about Tenable Nessus SSL certificate authentication, see Manual Nessus SSL Certificate Exchange. |
Certificate Passphrase | If you selected SSL Certificate as the Authentication Type and the private key that decrypts your SSL certificate is encrypted with a passphrase, the passphrase for the private key. |
Active Scans | |
Zones |
The scan zones that can use this scanner. For more information, see Scan Zones. |
Agents | |
Agent Capable |
Specifies whether you want this scanner to provide Tenable Nessus Agent scan results to Tenable Security Center. Agent capable scanners must be Nessus Manager 6.5 or later. When using Nessus Manager, you must use an organizational user account to connect from Tenable Security Center. |
Organizations |
When the Agent Capable option is enabled, or you select API Keys as the Authentication Type, specifies one or more organizations that you want to grant access to import Tenable Nessus Agent data into Tenable Security Center. |
API Keys |
When the Agent Capable option is enabled, specifies whether you want to use secure API keys when importing agent scan data from Tenable Nessus scanners. For more information about retrieving your access key and secret key from Tenable Nessus, see Generate a Nessus API Key in the Tenable Nessus User Guide . |
Access Key |
When the API Keys option is enabled, specifies the access key for the Tenable Nessus scanner. When you select API Keys as the Authentication Type, specifies the access key for the Tenable Nessus Agent. |
Secret Key |
When the API Keys option is enabled, specifies the secret key for the Tenable Nessus scanner. When you select API Keys as the Authentication Type, specifies the secret key for the Tenable Nessus Agent. |
Web Application Scanning | |
Capable | Specifies whether you want this scanner to provide Tenable Web App Scanning scan results to Tenable Security Center. |