While the following feature is supported in Federal Risk and Authorization Management Program (FedRAMP) environments, it is not FedRAMP authorized. For more information, see the FedRAMP Product Offering.

Note: This section describes the new interface. For information about the classic interface, see Agents (Classic Interface). For information about navigating the new interface, see Navigate (New Interface).

Agents increase scan flexibility by making it easy to scan assets without needing ongoing host credentials or assets that are offline. Agents allow for large-scale concurrent scanning with little network impact.

After you install a Nessus Agent on a host and link the agent to, the Agent appears on the Linked Agents page.

Note: If you assign one or more agents to a network and any of those agents are already assigned to another custom network, a confirmation message appears indicating that, by adding agents to this network, they are reassigned from their previous networks.

Agents send the following information to

  • Version information (agent version, host architecture)

  • Versions of installed Tenable plugins

  • OS information (for example, Microsoft Windows Server 2008 R2 Enterprise Service Pack 1)

  • Tenable asset IDs (for example, /etc/tenable_tag on Unix, HKEY_LOCAL_MACHINE\SOFTWARE\Tenable\TAG on Windows)

  • Network interface information (network interface names, MAC addresses, IPv4 and IPv6 addresses, hostnames and DNS information if available)

  • Hostname if update_hostname is set to yes (see Nessus Agent Advanced Settings for more information)

  • ClosedAWS EC2 instance metadata, if available:

    • privatelp

    • accountId

    • imageId

    • region

    • instanceType

    • availabilityZone

    • architecture

    • instanceId

    • local-hostname

    • public-hostname

    • public-ipv4

    • mac

    • iam/security-credentials/

    • public-keys/0/openssh-key

    • security-groups

For a demonstration on linking a Nessus Agent to, see the following video:

Note: For agents versions 8.3.1 and older, agents check in on start and after a restart.

For agents version 10.0.0 and later, agents check in on start, after a restart, and whenever the metadata is updated (no more than every 10 minutes).

For more information, see the following topics: