Manage Scanner Profiles

Required Tenable Vulnerability Management User Role: Scan Manager or Administrator

Use the following procedures to manage your scanner profiles. For general information about agent profiles, see Scanner Profiles.

Create a Scanner Profile

Note: You cannot create a scanner profile for an end-of-life (EOL) Tenable Nessus version.

To create a scanner profile:

  1. On the Profiles page, click Add Scanner Profile.

    The Create Scanner Profile page appears.

  2. Configure the following settings for the scanner profile:

    Setting Required Default Description
    Name Yes n/a The scanner profile name.
    Description No n/a The scanner profile description.
    Scanner Version Yes None

    The version that scanners assigned to the profile are upgraded or downgraded to.

    You can set the scanner profile to stay on the latest major version release (for example, 10.x) or the latest minor version release (for example, 10.9.x), or you can set the scanner profile to a specific patch release (for example, 10.9.1).
    Disable Scanner Version Update Yes Disabled Determines whether Tenable Vulnerability Management prevents the scanners from receiving software updates. This setting overrides any scheduled freeze windows.
    Plugin Update Setting Yes Auto update to latest

    Determines what plugins Tenable Vulnerability Management installs on scanners during the daily plugin update. Choose from the following options:

    • Auto update to latest — (Default) Update scanners with the latest plugin set.

    • Delay plugin updates by days — Update scanners with a delayed plugin set. The plugin set can be delayed by a minimum of one day and a maximum of 30 days. If multiple plugin sets were published on the configured day, Tenable Vulnerability Management installs the latest set of that day.

    • Select plugin set from the last 30 days — Update scanners with a specific plugin set from the last 30 days. Tenable Vulnerability Management uses this plugin set until you choose another plugin set or update plan setting.

    Note: This setting only applies to scanners on version 10.10.0 and later.

    Note: If a scanner assigned to the scanner profile has a later plugin set version than the plugin set version offered by Plugin Update Setting, the scanner retains the newer set. In other words, you cannot use this setting to downgrade scanner plugin sets.

  3. Under Assign Scanners, select the checkboxes next to the scanners you want to assign.

  4. Click Create. The scanners’ versions update the next time they check in with Tenable Vulnerability Management, which can take up to 24 hours.

Edit a Scanner Profile

To edit a scanner profile:

  1. On the Profiles page, double-click the profile that you want to edit.

    The Sensor Profile Details page appears.

  2. Edit the scanner profile as needed:

    Setting Required Default Description
    Name Yes n/a The scanner profile name.
    Description No n/a The scanner profile description.
    Scanner Version Yes None

    The version that scanners assigned to the profile are upgraded or downgraded to.

    You can set the scanner profile to stay on the latest major version release (for example, 10.x) or the latest minor version release (for example, 10.9.x), or you can set the scanner profile to a specific patch release (for example, 10.9.1).
    Disable Scanner Version Update Yes Disabled Determines whether Tenable Vulnerability Management prevents the scanners from receiving software updates. This setting overrides any scheduled freeze windows.
    Plugin Update Setting Yes Auto update to latest

    Determines what plugins Tenable Vulnerability Management installs on scanners during the daily plugin update. Choose from the following options:

    • Auto update to latest — (Default) Update scanners with the latest plugin set.

    • Delay plugin updates by days — Update scanners with a delayed plugin set. The plugin set can be delayed by a minimum of one day and a maximum of 30 days. If multiple plugin sets were published on the configured day, Tenable Vulnerability Management installs the latest set of that day.

    • Select plugin set from the last 30 days — Update scanners with a specific plugin set from the last 30 days. Tenable Vulnerability Management uses this plugin set until you choose another plugin set or update plan setting.

    Note: This setting only applies to scanners on version 10.10.0 and later.

    Note: If a scanner assigned to the scanner profile has a later plugin set version than the plugin set version offered by Plugin Update Setting, the scanner retains the newer set. In other words, you cannot use this setting to downgrade scanner plugin sets.

  3. Click Save.

    Tenable Vulnerability Management saves your changes. The scanners’ versions update the next time they check in with Tenable Vulnerability Management, which can take up to 24 hours.

Add or Remove Scanners from Scanner Profiles

Use the following procedures to add a scanner to a scanner profile or remove a scanner from a scanner profile in Tenable Vulnerability Management. You can also add and remove scanners from profiles from the Sensor Profile Details page. For more information, see Edit a scanner profile.

In addition to using the Tenable Vulnerability Management user interface, you can link a scanner to a profile by running the nessuscli managed link command and specifying the optional --profile-uuid argument. To find a profile's profile-uuid, see View a scanner profile ID.

Apply a Scanner Profile to a Scanner

Note: You cannot apply scanner profiles to cloud scanners.

To apply a scanner profile to a scanner:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Do one of the following:

    • To assign a single scanner to a scanner profile:

      1. Click in the row of the scanner that you want to assign to the profile.

        The action buttons appear in the row.

      2. Click Apply Nessus Scanner Profile.

        The Select Nessus Scanner Profile window appears.

      3. In the table, select the checkbox of the scanner profile that you want to assign the scanner to.

      4. Click Apply.

        Tenable Vulnerability Management assigns the scanner to the scanner profile.

    • To assign multiple scanners to a scanner profile, do one of the following:

      • In the scanners table, select the check box next to each scanner you want to add.

      • In the table header, select the check box to select the entire page.

      The action bar appears at the bottom of the page.

      Tip: In the action bar, select Select All Pages to select all linked scanners.

      1. In the action bar, click Apply Nessus Scanner Profile.

        The Select Nessus Scanner Profile window appears.

      2. In the table, select the checkbox of the scanner profile that you want to assign the scanners to.

      3. Click Apply.

        Tenable Vulnerability Management assigns the scanners to the scanner profile. The scanners' versions update within 24 hours of the profile application.

Remove a Scanner from a Scanner Profile

To remove a scanner from a scanner profile:

  1. In the left navigation, click Sensors.

    The Sensors page appears. By default, the Nessus Scanners tab is active and Linked Scanners is selected in the drop-down box.

  2. Do one of the following:

    • To remove a single scanner from a scanner profile:

      1. Click in the row of the scanner that you want to assign to the profile.

        The action buttons appear in the row.

      2. Click Remove Nessus Scanner Profile.

        The Remove Nessus Scanner Profile window appears.

      3. Click Remove to confirm.

        Tenable Vulnerability Management removes the scanner from the scanner profile.

    • To remove multiple scanners from a scanner profile, do one of the following:

      • In the scanners table, select the check box next to each scanner you want to add.

      • In the table header, select the check box to select the entire page.

      The action bar appears at the bottom of the page.

      Tip: In the action bar, select Select All Pages to select all linked scanners.

      1. In the action bar, click Remove Nessus Scanner Profile.

        The Remove Nessus Scanner Profile window appears.

      2. Click Remove to confirm.

        Tenable Vulnerability Management removes the scanners from the scanner profile or profiles. The scanners' versions update within 24 hours of the profile removal.

View a Scanner Profile ID

You can link a scanner to a profile by running the nessuscli managed link command and specifying the optional --profile-uuid argument. Use the following procedure to view a profile's --profile-uuid.

To view a scanner profile ID:

  1. On the Profiles page, double-click the scanner profile that you want to view the ID of.

    The Sensor Profile Details page appears.

  2. In the Details tab, view the --profile-uuid under Scanner Profile ID. You can click to copy the ID to your clipboard.

Copy a Scanner Profile

Copy a scanner profile to create a duplicate of the existing scanner profile. You can then use the duplicate to set up a new scanner profile.

To copy a scanner profile:

  1. On the Profiles page, click in the row of the profile that you want to copy.

    A menu appears.

  2. Click Copy.

    Tenable Vulnerability Management creates a new profile with "Copy of" appended to the profile name.

Delete a Scanner Profile

Delete a scanner profile if you no longer need the scanner profile. You cannot undo a scanner profile deletion.

To delete a scanner profile:

  1. On the Profiles page, click in the row of the profile that you want to delete.

    A menu appears.

  2. Click Delete.

    The Delete Nessus Scanner Profile window appears.

  3. Click Delete to confirm the deletion.

    Tenable Vulnerability Management deletes the scanner profile and removes all the linked scanners from the profile.