Link Sensors to Sensor Proxy

To use Sensor Proxy, link sensors to Sensor Proxy rather than linking sensors to Tenable Vulnerability Management or Tenable Security Center directly.

Note: Tenable Security Center 6.5 only supports Sensor Proxy linked with Tenable Web App Scanning scanners. Tenable Nessus scanners and Tenable Agents are currently unsupported. Tenable Vulnerability Management supports Sensor Proxy linked with all sensors except Tenable Web App Scanning scanners.

The process for linking sensors varies depending on the sensor type.

Link a Tenable Agent to Sensor Proxy

If you have an agent that is unlinked, you can link it to Sensor Proxy to communicate with Tenable Vulnerability Management.

If you have an agent that is linked to a manager besides the Tenable Vulnerability Management instance you want Sensor Proxy to communicate with, you must first unlink the agent before linking the agent to Sensor Proxy.

Before you begin:

To link an agent to Sensor Proxy:

  1. If your agent is already linked to a manager other than Tenable Vulnerability Management, unlink it using the following command:

    Copy 
    # nessuscli agent unlink

    The agent is unlinked from its manager.

  2. On the agent, link to Sensor Proxy using the following command:

    Copy 
    # nessuscli agent link --key=<linking key> --host=<Sensor Proxy IP or hostname> --port=443
    • For key, use the Tenable Vulnerability Management linking key. For information on retrieving the linking key, see Link a Sensor in the Tenable Vulnerability Management User Guide.
    • For host, use the Sensor Proxy IP address.

    Note: You can add other agent linking options, except for the --cloud option. For more information, see Nessuscli Agent in the Tenable Agent User Guide.

Link a Tenable Nessus Scanner to Sensor Proxy

If you have a Tenable Nessus scanner that is already linked to either Tenable Vulnerability Management or Tenable Nessus Manager, you must first unlink the Tenable Nessus scanner.

For unlinked Tenable Nessus scanners, you can link to Sensor Proxy to communicate via Sensor Proxy to Tenable Vulnerability Management.

Note: If you relink a scanner, the scanner restarts. For several minutes after relinking, the scanner does not perform scan jobs.

Before you begin:

To link a Tenable Nessus scanner to Sensor Proxy:

  1. If your Tenable Nessus scanner is already linked to a manager, unlink it using the following command.

    Copy 
    # nessuscli managed unlink

    The scanner is unlinked from its manager.

  2. Link the scanner to Sensor Proxy using the following command:

    Copy 
    # nessuscli managed link --key=<linking key> --host=<Sensor Proxy IP or hostname> --port=443
    • For key, use the Tenable Vulnerability Management linking key. For information on retrieving the linking key, see Link a Sensor in the Tenable Vulnerability Management User Guide.
    • For host, use the Sensor Proxy IP address.

    Note: (Optional) You can add other Tenable Nessus linking options, except for the --cloud option. For more information, see Nessus CLI in the Tenable Nessus User Guide.

Link a Tenable Web App Scanning Scanner to Sensor Proxy

Sensor Proxy supports two types of Tenable Web App Scanning scanners: those deployed from the Tenable Web App Scanning Docker image and those deployed with Tenable Core + Web App Scanning.

Note:Tenable Web App Scanning scanners linked to Sensor Proxy are only supported with Tenable Security Center.

Before you begin:

Link a Tenable Web App Scanning Docker Image Scanner

  1. Access the Tenable Web App Scanning Docker image at https://hub.docker.com/r/tenable/was-scanner.

  2. Run the following command to start the Docker container:

    Copy 
    docker run -d -e WAS_SCANNER_NAME=<my_scanner> -e WAS_LINKING_KEY=<my_linking_key> -e WAS_PLATFORM_URL=<sensor_proxy_url> tenable/was-scanner

    Replace <my_scanner> with a unique scanner name, replace <my_linking_key> with your linking key, and replace <sensor_proxy_url> with the URL of the Sensor Proxy the scanner will be linked to.

For more information about the Tenable Web App Scanning Docker image, see Deploy Tenable Web App Scanning as a Docker Image in the Tenable Web App Scanning User Guide.

Link a Tenable Core + Web Application Scanning Scanner

  1. Download the Tenable Core + Web Application Scanning installer from the Tenable Core download page.

  2. Install Tenable Core + Web Application Scanning.

  3. From the Tenable Core + Web Application Scanning Overview page, click Web Application Scanner in the left-side navigation pane.

    The Web Application Scanner page appears.

  4. Click next to Tenable Management Platform URL.

    A window appears.

  5. Enter the following information:

    • Linking Key — The linking key from your Tenable Security Center instance. For more information, see Sensor Proxies the Tenable Security Center User Guide.

    • Scanner Name — The name of the scanner that you want to appear in Tenable Security Center.

    • Tenable Management URL — The URL of your Sensor Proxy instance (https://<sensor_proxy_host>).

    • Connect Using Proxy — Leave this unselected.

  6. Click Activate Scanner.

    A success message appears and your Tenable Web App Scanning scanner appears in the scanner list on Tenable Security Center.

For more information about Tenable Core + Web App Scanning, see the Tenable Core + Web App Scanning User Guide.