Add a Nessus Scanner

Required User Role: Administrator

For more information, see Nessus Scanners.

Note: Tenable.sc cannot perform scans with or update plugins for scanners running unsupported versions of Nessus. For minimum Nessus scanner version requirements, see the Tenable.sc Release Notes for your version.

Note:Tenable.sc does not send plugins to linked Nessus Managers. Nessus Manager pulls plugins directly from Tenable's plugin sites. Therefore, to update plugin sets, Nessus Manager needs access to the internet and Tenable's plugin sites (for more information, see the Which Tenable sites should I allow? community article). If your Nessus Manager does not have internet access, you can manually update its version and plugins offline (for more information, see Manage Nessus Offline in the Nessus User Guide).

To add a Nessus scanner to Tenable.sc:

  1. Log in to Tenable.sc via the user interface.

  2. Click Resources > Nessus Scanners.

    The Nessus Scanners page appears.

  3. At the top of the table, click Add.

    The Add Nessus Scanner page appears.

  4. Configure Nessus scanner options, as described in Nessus Scanners.

    1. In the Name box, type a name for the scanner.

    2. In the Description box, type a description for the scanner.

    3. In the Host box, type the hostname or IP address for the scanner.

    4. In the Port box, view the default (8834) and modify, if necessary.

    5. If you want to disable this scanner's connection to Tenable.sc, click Enabled to disable the connection.

    6. If you want to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the Nessus scanner, click Verify Hostname to enable the toggle.

    7. If you want to use the proxy configured in Nessus for communication with the scanner, click Use Proxy to enable the toggle.

    8. In the Type drop-down box, select the authentication type.

    9. If you selected Password as the Type:

      1. In the Username box, type the username for the account generated during the Nessus installation for daemon-to-client client communications.

      2. In the Password box, type the password associated with the username you provided.

    10. If you selected SSL Certificate as the Type:

      1. Click Choose File to upload the nessuscert.pem file you want to use for authentication to the scanner. For more information, see Manual Nessus SSL Certificate Exchange.

      2. (Optional) If the private key that decrypts your SSL certificate is encrypted with a passphrase, in the Certificate Passphrase box, type the passphrase for the private key.

    11. Check the box for all active scan zones you want to use this scanner.

    12. If you want this scanner to provide Nessus Agent scan results to Tenable.sc:

      1. Click Agent Capable to enable the toggle.

      2. Check the box for one or more Organizations that you want to grant access to import Nessus Agent data into Tenable.sc.

      3. If you want to use secure API keys when importing agent scan data from Nessus scanners:

        1. Click API Keys to enable the toggle.

        2. In the Access Key box, type the access key.

        3. In the Secret Key box, type the secret key.

  5. Click Submit.

    Tenable.sc saves your configuration.

What to do next:

  • Configure a scan zone, repository, and active scan objects, as described in Active Scans.