Sensors

In Tenable Vulnerability Management, "sensors" is the collective term for the applications and instances that gather vulnerability data from your environment. You use the Sensors page to manage the infrastructure that performs your scans.

Tip: For information on other ways to ingest data into Tenable Vulnerability Management, see the Data Ingestion in Tenable Vulnerability Management quick reference guide.

Sensor Categories

To get complete visibility, you typically need a combination of sensor types, depending on the location of your assets.

  • Cloud Sensors (External) — Tenable manages these sensors; you do not install or maintain them. Cloud sensors scan your internet-facing assets (for example, web servers and firewalls) from an external perspective. These sensors are automatically available in your account based on your region.

  • Linked Sensors (Internal) — You manage these sensors; you must install and update them on your own hardware or virtual machines. Linked sensors scan assets inside your corporate firewall that cloud sensors cannot reach. These sensors connect to Tenable Vulnerability Management using a secure linking key. If you reinstall a scanner, you need this key to re-establish the connection.

Types of Linked Sensors

When you install a sensor internally, you choose one of the following based on your needs:

  • Tenable Nessus Scanners — The standard engine for network-based scans. It probes devices remotely to identify open ports and vulnerabilities.

  • Tenable Agents — Lightweight software installed directly on a host (for example, a laptop). Agents are ideal for transient devices that move off-network or for systems where you cannot manage credentials for a network scan.

  • Tenable Network Monitor — A passive sensor that listens to network traffic to identify vulnerabilities in real time without actively probing targets.

  • Tenable OT Connectors — Connectors that import asset and vulnerability data from Tenable OT Security. This allows you to view operational technology (OT) risks alongside your IT vulnerabilities.

  • Tenable Web Application Scanners — Specialized scanners designed to audit web applications.

Grouping and Organization

Managing sensors at scale requires logical organization to ensure scans run efficiently and targeting is accurate.

  • Scanner Groups — These groups allow you to pool multiple Tenable Nessus scanners together. When you assign a scan to a group, the scan balances the load across available scanners, which speeds up large network scans.

  • Agent Groups — These groups allow you to organize Tenable Nessus Agents for targeting. Unlike scanner groups (which are infrastructure), you use agent groups to define the scope of a scan (for example, a "Remote Laptops" group).

  • Scanner Profiles — These profiles control the configuration of your scanners. You use them to standardize settings across your fleet, such as forcing specific software versions or controlling when scanners receive plugin updates.

  • Agent Profiles — These profiles control the behavior of your agents. You use them to manage software update schedules, set freeze windows to prevent changes during critical business hours, and configure advanced settings like the open agent port.

  • Networks — These are logical segments used to handle overlapping IP addresses. If you have two different branch offices that both use the 192.168.1.x range, you assign their respective scanners to different "Networks." This ensures that Tenable Vulnerability Management recognizes that 192.168.1.50 in Branch A is different from 192.168.1.50 in Branch B.