Agent Profiles
Required Tenable Vulnerability Management User Role: Scan Manager or Administrator
You can use agent profiles to apply a specific version to your linked agents. This can be helpful for testing; for example, you may want to schedule a testing period on a subset of your agents before upgrading all your agents to a new version.
An agent profile allows you to apply a newer version to a subset of your agents for a limited time, and more broadly, allows you to upgrade and downgrade agents to different versions easily. You can only assign an agent to one profile.
There are two types of agent profile:
-
Default — The profile to which an agent or agent group belongs to unless you assign it to a custom profile. You cannot copy, delete, or edit the name and description of the Default profile.
-
Custom profiles — A custom profile that you create. Custom networks allow you to associate and configure different agents and agent groups based on your business needs.
Note: You cannot set agent profiles to versions earlier than 10.4.1. Agent profiles do not affect agents on versions earlier than 10.4.1.
Note: The agent profile version overrides the agent's Nessus Agent update plan setting. If you assign the agent a freeze window, the freeze window overrides both the Nessus Agent update plan and the agent profile. In this case, the agent remains on its current version and no software updates occur for that agent as long as the agent is assigned to the freeze window.
-
In the upper-left corner, click the
button.
The left navigation plane appears.
-
In the left navigation plane, click Settings.
The Settings page appears.
-
Click the Sensors tile.
The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.
-
Click the Nessus Agents tab.
The list of agents appears and Linked Agents is selected in the drop-down box.
-
Above the linked agents table, click Profiles.
The Profiles page appears.
Use the following procedures to manage your agent profiles:
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
Note: You cannot create an agent profile for an end-of-life (EOL) Tenable Nessus Agent version.
To create an agent profile:
-
On the Profiles page, click
Add Agent Profile.
The Create Agent Profile page appears.
-
Enter a Name for the agent profile.
-
(Optional) Enter a Description for the agent profile.
-
Select the agent profile's Sensor Version. This is the version that agents assigned to the profile are upgraded or downgraded to.
You can set the agent profile to stay on the latest major version release (for example, 10.x) or the latest minor version release (for example, 10.4.x), or you can set the agent profile to a specific patch release (for example, 10.4.1).
-
(Optional) Select the Open Agent Port checkbox and enter the open agent port of your targets. The port must be between 1025 and 65535.
Selecting Open Agent Port allows Tenable scanners to identify scan targets that host the agents assigned to this profile. These hosts then appear as a single asset regardless of whether they are the target of a scanner's network scan or are generating agent scans. This helps minimize asset duplication in your network. To learn more about the Open Agent Port, see Configure Agent Profiles to Avoid Asset Duplication in Tenable Vulnerability Management in the Tenable Nessus Agent User Guide.
Note: Configuring the Open Agent Port permits your network scanners to probe each target system on the port you select.
Note: Only agents version 10.6.0 and later can use the Open Agent Port setting. The setting does not apply to any agent on an earlier version.
-
(Optional) Enable Exclude agents from software updates if you want to prevent this profile's agents from receiving software updates. This setting overrides any scheduled freeze windows.
-
Under Assign Agents, select the checkboxes next to the agents you want to assign.
-
Click Create.
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
You can link an agent to a profile by running the nessuscli agent link command and specifying the optional --profile-uuid argument. You can also link an agent to a profile during deployment by specifying the profile-uuid in the config.json file. Use the following procedure to view a profile's --profile-uuid.
To view an agent profile ID:
-
On the Profiles page, double-click the agent profile that you want to view the ID of.
The Sensor Profile Details page appears.
-
In the Details tab, view the --profile-uuid under Agent Profile ID. You can click
to copy the ID to your clipboard.
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
To edit an agent profile:
-
On the Profiles page, double-click the profile that you want to edit.
The Sensor Profile Details page appears.
-
Edit the agent profile as needed:
-
To edit the agent profile name, click
next to the agent name.
-
In the Details tab, you can configure the profile description, the agent version, the Open Agent Port, and the Exclude agents from software updates switch.
-
In the Agents tab, you can add or remove linked agents from the agent profile.
-
-
Click Save.
Tenable Vulnerability Management saves your changes. If you added or removed agents from the profile, the agents' versions update within 24 hours of your edit.
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
Copy an agent profile to create a duplicate of the existing agent profile. You can then use the duplicate to set up a new agent profile.
To copy an agent profile:
-
On the Profiles page, click
in the row of the profile that you want to copy.
A menu appears.
-
Click
Copy.
Tenable Vulnerability Management creates a new profile with "Copy of" appended to the profile name.
![Closed](../../../Skins/Default/Stylesheets/Images/transparent.gif)
Delete an agent profile if you no longer need the agent profile. You cannot undo an agent profile deletion.
To delete an agent profile:
-
On the Profiles page, click
in the row of the profile that you want to delete.
A menu appears.
-
Click
Delete.
The Delete Agent Profile window appears.
-
Click Delete to confirm the deletion.
Tenable Vulnerability Management deletes the agent profile and removes all the linked agents from the profile.
What to do next: