Agents

Agents increase scan flexibility by making it easy to scan assets that are offline or that would otherwise require ongoing host credentials. Agents allow for large-scale concurrent scanning with little network impact.

After you install a Tenable Nessus Agent on a host and link the agent to Tenable Vulnerability Management, the agent appears on the Tenable Vulnerability Management Linked Agents page.

Note: If you assign one or more agents to a network and any of those agents are already assigned to another custom network, a confirmation message appears indicating that, by adding agents to this network, they are reassigned from their previous networks.

Agents send the following information to Tenable Vulnerability Management:

  • Version information (agent version, host architecture)

  • Versions of installed Tenable plugins

  • OS information (for example, Microsoft Windows Server 2008 R2 Enterprise Service Pack 1)

  • Tenable asset IDs (for example, /etc/tenable_tag on Unix, HKEY_LOCAL_MACHINE\SOFTWARE\Tenable\TAG on Windows)

  • Network interface information (network interface names, MAC addresses, IPv4 and IPv6 addresses, hostnames and DNS information if available)

  • Hostname if update_hostname is set to yes (see Tenable Nessus Agent Advanced Settings for more information)

  • (Agents 10.0.x and later) AWS EC2 instance metadata, if available:

    Note: Tenable Nessus Agents connect to 169.254.169.254 to provide AWS metadata to Tenable Vulnerability Management; traffic between Tenable Nessus Agents and 169.254.169.254 is normal and expected behavior.

    • privateIp

    • accountId

    • imageId

    • region

    • instanceType

    • availabilityZone

    • architecture

    • instanceId

    • local-hostname

    • public-hostname

    • public-ipv4

    • mac

    • iam/security-credentials/

    • public-keys/0/openssh-key

    • security-groups
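
The metadata list above can serve as a baseline when reviewing traffic to 169.254.169.254. The following is an added example, not Tenable code: it labels observed requests as documented agent traffic or as items to review. The event format, the agent process names, and the treatment of the IMDSv2 token request as expected are assumptions.

```python
from urllib.parse import urlsplit

IMDS_HOST = "169.254.169.254"
# Assumption: process names of the agent on this host; adjust to your install.
AGENT_PROCS = {"nessusd", "nessus-service"}
# meta-data keys listed on this page (exact paths, not prefixes).
DOCUMENTED_META = {
    "local-hostname", "public-hostname", "public-ipv4", "mac",
    "iam/security-credentials/", "public-keys/0/openssh-key", "security-groups",
}
# privateIp, accountId, imageId, region, instanceType, availabilityZone,
# architecture and instanceId are fields of the instance identity document.
# Assumption: api/token (the IMDSv2 session-token request) is also expected.
EXPECTED_OTHER = {"dynamic/instance-identity/document", "api/token"}

def classify(proc, url):
    """Label one observed HTTP request (process name, full URL)."""
    parts = urlsplit(url)
    if parts.hostname != IMDS_HOST:
        return "not-imds"
    if proc not in AGENT_PROCS:
        return "other-client"  # SDKs and init tools also use IMDS; baseline them
    # Drop the API version segment: /latest/meta-data/mac -> meta-data/mac
    _, _, rest = parts.path.lstrip("/").partition("/")
    if rest in EXPECTED_OTHER:
        return "agent-documented"
    if rest.startswith("meta-data/") and rest[len("meta-data/"):] in DOCUMENTED_META:
        return "agent-documented"
    return "agent-undocumented"

# Constructed sample events (process, URL); not captured from a real host.
SAMPLE = [
    ("nessusd", "http://169.254.169.254/latest/dynamic/instance-identity/document"),
    ("nessusd", "http://169.254.169.254/latest/meta-data/iam/security-credentials/"),
    ("nessusd", "http://169.254.169.254/latest/meta-data/iam/security-credentials/example-role"),
    ("curl", "http://169.254.169.254/latest/meta-data/public-ipv4"),
    ("nessusd", "https://cloud.example.invalid/checkin"),
]

def review_queue(events):
    """Return events that are not documented agent traffic to the metadata service."""
    return [(p, u) for p, u in events
            if classify(p, u) in ("agent-undocumented", "other-client")]

if __name__ == "__main__":
    for proc, url in SAMPLE:
        print(f"{classify(proc, url):20} {proc:8} {url}")
```

Matching is exact on purpose: the page lists the iam/security-credentials/ listing path, so a request for a named role under it falls outside the documented set and lands in the review queue.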

Note: For agent versions 8.3.1 and older, agents check in on start and after a restart.

For agents version 10.0.0 and later, agents check in on start, after a restart, and whenever the metadata is updated (no more than every 10 minutes).

Tip: For information on other ways to ingest data into Tenable Vulnerability Management, see the Data Ingestion in Tenable Vulnerability Management quick reference guide.
