Tenable Nessus

Tenable Nessus is a vulnerability scanning platform for auditors and security analysts.

Related Enforcement Actions:

• Nessus - Add IPs to Scan
• Nessus - Delete Account
• Nessus - Add Agent to Agent Group

Types of Assets Fetched

This adapter fetches the following types of assets:

• Devices
• Vulnerabilities
• SaaS Applications

Parameters

1. Host Address (required) - The hostname or IP address of the Tenable Nessus server.
2. Port (optional)
3. User Name and Password (optional) - The credentials for a user account that has the permissions to fetch assets.
   Note:

   If Access API Key and Secret API Key are not supplied, you must specify User Name and Password.

4. Access API Key and Secret API Key (optional) - An API Key associated with a user account that has permissions to fetch assets. For details, see Tenable Nessus - Generate an API Key.
   Note:

   If User Name and Password are not supplied, you must specify Access API Key and Secret API Key.

5. Verify SSL - Select whether to verify the SSL certificate of the server against the CA database inside of Axonius. For more details, see SSL Trust & CA Settings.

To learn more about common adapter connection parameters and buttons, see Adding a New Adapter Connection.

Advanced Settings

1. Scan IDs include list (optional, default: empty) - Specify a comma-separated list of Tenable Nessus scan IDs.
   • If supplied, all connections for this adapter will only collect devices discovered by Tenable Nessus scan IDs provided in this list.
   • If not supplied, all connections for this adapter will collect devices discovered by any Tenable Nessus scan.
2. Only get devices with MAC, Hostname or correlatable IP address (required, default: False) - Choose whether to exclude fetching devices without MAC address, without hostname and without an IP address that can be correlated to other existing IP address.
   • If enabled, all connections for this adapter will only fetch devices having at least one of the following:
     • MAC address
     • Hostname
     • IP address that can be correlated with an existing IP address in Axonius.
   • If disabled, all connections for this adapter will fetch devices even if those do not have MAC address, no hostname and no IP address that can be correlated to other existing IP address.
3. Do not fetch devices with no MAC address and no hostname - Select whether to exclude fetching devices without a MAC address and without a hostname.
4. Fetch plugin output- Select this option to fetch plugin output.
5. Fetch scans from the last X days - Specify the number of days from which to fetch scan data.
6. Fetch only enabled scans - Select this option to only fetch scans with the status ‘enabled’.
7. Insert both CVE and Plugin as vulnerable software - Select this option to enable having both the following behaviors for the Vuln ID field within the Vulnerable Software complex field: add the plugin as a value and split the field by the CVE value.

8. Parse Netbios name as the asset name. Scan name is the fallback option - Select this option to use the Netbios name of the asset as the asset name. If it does not exist, the Scan name will be used.