Nessus Network Monitor Instances
Nessus Network Monitor (NNM) is a patented network discovery and vulnerability analysis software solution that delivers real-time network profiling and monitoring for continuous assessment of an organization’s security posture in a non-intrusive manner. NNM monitors network traffic at the packet layer to determine topology, services, and vulnerabilities. Where an active scanner takes a snapshot of the network in time, NNM behaves like a security motion detector on the network.
Tenable.sc communicates with NNM utilizing the XMLRPC protocol on port 8835 by default. For information about Tenable.sc-NNM communications encryption, see Encryption Strength.
Note: It is important for you to restrict the data NNM collects to only the desired IP address ranges. For example, if your attached NNM collects information on 1100 hosts and Tenable.sc is licensed for 1000 hosts, Tenable.sc imports all of the NNM data and indicates that you exceeded your host count. For more information, see License Requirements.
Tenable.sc will ask NNM for the latest (if any) vulnerability report once every hour by default. The pull interval may be changed under the System Configuration page under the Update tab.
To fully configure passive scan data retrieval from NNM:
- Configure NNM, as described in Get Started in the Nessus Network Monitor User Guide.
- Add your NNM license to Tenable.sc, as described in Apply a New License.
- Add an IPv4 or IPv6 repository for NNM data in Tenable.sc, as described in Add a Repository.
- Add an NNM instance in Tenable.sc, as described in Add an NNM Instance.
- (Optional) Configure NNM plugin import schedules, as described in Edit Plugin and Feed Settings and Schedules. By default, Tenable.sc checks for new passive vulnerability plugins every 24 hours and pushes them to your attached NNM instances.
What to do next:
- View vulnerability data filtered by your NNM repository, as described in Vulnerability Analysis.
Considerations for Licensing
If you want Tenable.sc to push plugin updates to NNM, you must add the product activation code to Tenable.sc. For more information, see Apply a New License.
For detailed information about plugins counted toward the Tenable.sc license count, see License Requirements.
Considerations for NNM Discovery Mode
Your NNM instances can run in two modes: discovery mode disabled and discovery mode enabled. For more information, see NNM Settings in the Nessus Network Monitor User Guide.
If discovery mode is enabled on an NNM instance, Tenable.sc stores discovery mode asset data to Tenable.sc repositories. Since discovery mode only discovers limited asset data, the repository data appears incomplete.
Tenable.sc does not count IP addresses present only from NNM instances in discovery mode toward your license count.