Nessus Scanners

For high level information about active and agent scanning, see Active Scans and Agent Scans.

In the Tenable.sc framework, the Nessus scanner behaves as a server, while Tenable.sc serves as a client that schedules and initiates scans, retrieves results, reports results, and performs a wide variety of other important functions.

You can add Nessus or Tenable.io deployments to Tenable.sc as Nessus scanners in Tenable.sc:

  • Managed or unmanaged Nessus scanners
  • Nessus Manager instances

    Note: If you enabled clustering on Nessus Manager, add the parent node of the cluster to Tenable.sc. For more information, see Clustering in the Nessus User Guide.

  • Tenable.io instances

For more information, see:

For information about Tenable.sc-Nessus and Tenable.sc-Tenable.io communications encryption, see Encryption Strength.

Option

Description

Name

A descriptive name for the scanner.

Description

A scanner description, location, or purpose.

Host

The hostname or IP address of the scanner.

Port

The TCP port that the scanner listens on for communications from Tenable.sc. The default is port 8834.

Enabled

A scanner may be Enabled or Disabled within Tenable.sc to allow or prevent access to the scanner.

Verify Hostname

Adds a check to verify that the hostname or IP address entered in the Host option matches the CommonName (CN) presented in the SSL certificate from the Nessus server.

Note: Confirm that the correct CA certificate is configured for use by Tenable.sc. If you are using a custom CA, configure Tenable.sc to trust your custom CA, as described in Trust a Custom CA. You do not need to perform this step when using the default certificates for Nessus servers.

Use Proxy

Instructs Tenable.sc to use its configured proxy for communication with the scanner.

Authentication Type

Select Password or SSL Certificate for the authentication type to connect to the scanner.

For complete information about Nessus SSL certificate authentication, see Manual Nessus SSL Certificate Exchange.

Username

Username generated during the install for daemon to client communications. This must be an administrator user in order to send plugin updates to the scanner. If the scanner is updated by a different method, such as through another Tenable.sc, a standard user account may be used to perform scans. This option is only available if the Authentication Type is set to Password.

Password

The login password must be entered in this option. This option is only available if the Authentication Type is set to Password.

Certificate

If you set Authentication Type to SSL Certificate, specifies the nessuscert.pem file you want to use for authentication to the scanner.

For complete information about Nessus SSL certificate authentication, see Manual Nessus SSL Certificate Exchange.

Certificate Passphrase If you selected SSL Certificate as the Authentication Type and the private key that decrypts your SSL certificate is encrypted with a passphrase, the passphrase for the private key.

Zones

The scan zones that can use this scanner. For more information, see Scan Zones.

Agent Capable

Specifies whether you want this scanner to provide Nessus Agent scan results to Tenable.sc.

Agent capable scanners must be either Tenable.io or Nessus Manager 6.5 or later. When using Nessus Manager, an organizational user account must be used to connect from Tenable.sc.

Organizations

When the Agent Capable option is enabled, specifies one or more organizations that you want to grant access to import Nessus Agent data into Tenable.sc.

API Keys

When the Agent Capable option is enabled, specifies whether you want to use secure API keys when importing agent scan data from Nessus or Tenable.io scanners.

For more information about retrieving your access key and secret key from Nessus and Tenable.io, see Generate a Nessus API Key in the Nessus User Guide and Generate a Tenable.io API Key in the Tenable.io Vulnerability Management User Guide.

Access Key

When the API Keys option is enabled, specifies the access key for the Nessus or Tenable.io scanner.

Secret Key

When the API Keys option is enabled, specifies the secret key for the Nessus or Tenable.io scanner.