Agent Continuous Assessment Scanning

Continuous assessment scanning is a scanning method that Tenable Vulnerability Management can perform through linked Tenable Nessus Agents. It provides continuous monitoring and reporting of software inventory changes on your hosts.

Note: Continuous assessment scanning is currently only available for Tenable Nessus Agents installed on Linux hosts.

Caution: Agents that have NIAP mode enforced cannot perform continuous assessment scanning. For more information on NIAP mode, see Configure Tenable Nessus Agent for NIAP Compliance and Tenable Nessus Agent CLI Commands in the Tenable Nessus Agent User Guide.

Explanation

Enabling continuous assessment scanning on an agent provides a continuous monitoring solution for software inventory changes on the host the agent is installed on. Agents run an initial baseline scan to capture the full software inventory on the host and re-run these baseline scans every x amount of days, depending how you configure your agent profile. In between these baseline scans, the agents continuously monitor the software inventory on the host and report any inventory changes as they occur (for example, when new software is installed or existing software is uninstalled).

Although continuous assessment scanning offers the convenience of continuous vulnerability monitoring, the vulnerability coverage differs from standard agent scanning. Continuous assessment scanning detects vulnerabilities found in the software versions installed on the host the agent resides on; it does not provide coverage for malware, remote system checks, or database enumerations.

In addition to continuous assessment scanning, Tenable recommends running a standard agent scan at your desired cadence to cover any checks that are not supported in continuous assessment scanning. Configuring a combination of continuous assessment scanning and standard agent scanning allows you to reduce your organization's scan impact while continuously monitoring your assets for software inventory vulnerabilities.

Agents configured with continuous assessment scanning can still perform standard scan window or triggered scans. Scan configuration settings do not affect continuous assessment scanning.

System Requirements

Hardware Minimum Requirement
CPU

  • Single core—~20% of available CPU when processing a baseline scan, ~1.5% of available CPU when processing continuous scans

  • Dual core—~23% of available CPU when processing a baseline scan, ~2% of available CPU when processing continuous scans
RAM ~50 MB
Network Bandwidth

  • Baseline scans—~220 KB

  • Continuous scans—~85 KB per every 500 inventory change events
Disk Space Same as the standard agent disk space requirement.

Plugins

To view the plugins that are used in continuous assessment scanning, use the following plugin search filters (Supported Sensors - Frictionless Assessment Agent and Agent Capable - Unix) on the Tenable Plugins site: https://www.tenable.com/plugins/search?q=supported_sensors%3A%28fa_agent%29+AND+agent%3A%28unix%29&sort=&page=1

Using those search filters, enter an additional CPE filter and specify one of the following CPEs to view individual plugins that continuous assessment scanning supports:

  • cpe:/a:jenkins:jenkins

  • cpe:/a:cloudbees:jenkins

  • cpe:/a:openssl:openssl

  • cpe:/a:zoom:zoom_cloud_meetings

  • cpe:/a:zoom:zoom

  • cpe:/a:gitlab:gitlab

  • cpe:/a:splunk:splunk

  • cpe:/a:tenable:nessus_agent

  • cpe:/a:tenable:nessus

  • cpe:/a:amazon:cloudwatch_agent

  • cpe:/a:kubernetes:kubernetes

  • cpe:/a:google:kubernetes

  • cpe:/a:haxx:curl

  • cpe:/a:haxx:libcurl

  • cpe:/a:nodejs:node.js

  • cpe:/a:vmware:workstation

Additionally, the following Linux security check plugins on the Tenable Plugins site are supported by continuous assessment scanning:

  • Alma Linux Local Security Checks

  • Amazon Linux Local Security Checks

  • CentOS Local Security Checks

  • Debian Local Security Checks

  • Fedora Linux Local Security Checks

  • Oracle Linux Local Security Checks

  • Red Hat Local Security Checks

  • Rocky Linux Local Security Checks

  • SUSE Local Security Checks

  • Ubuntu Local Security Checks

These local security checks are package-based checks that correspond to each distribution’s security advisories. For example, the Alma Linux Local Security Checks check for any Alma Linux security advisories.

Configuration

You can configure continuous assessment scanning at the agent profile level. To enable continuous assessment scanning, select the Enable Continuous Assessment module option in the Agent Profile menu and configure the agent's Baseline scan frequency. Once you enable the setting, configure the baseline scan frequency, and save the agent profile changes, the agents assigned to that profile begin to perform continuous assessment scanning.

For more information, see Agent Profiles.