August 15, 2020

Tenable.io Agents for Windows

The Tenable agents are installed on the endpoint, a Windows 10 Pro laptop in this case. The agent reports back to cloud.tenable.com and not a local on-prem Nessus.SC installation. This is good for remote machines since a VPN is not required.

Install the agents

  1. Download the agent installer from https://www.tenable.com/downloads/nessus-agents
  2. Log into tenable.io at https://cloud.tenable.com
  3. Make sure you are in the “New Interface”
  4. Click the hamburger menu (upper left = menu)
  5. Click Settings
  6. Click Sensors
  7. Click Agents
  8. Click Add Agent
  9. Copy the Linking Key (e.g. fake1234258622fakeb9f0d10fake695f653cde212dffb1653b6dcade33f94
  10. Note that the host = cloud.tenable.com
  11. Install the agent either manually via via the deployment method of choice.
  12. I’ve found that nessuscli.exe is the easiest way to get them working. Located in the C:\Program Files\Tenable\Nessus Agent> folder

Troubleshooting the Agents

After completing the steps above, I keep getting Aborted as a scan result. I think this is because I forgot to tell the agent what Agent Group it is a part of. Now what?!

The best way to t-shoot agent issues, is with the NessusCli. Again, it’s typically located in the C:\Program Files\Tenable\Nessus Agent> folder.

NessusCLI.exe

Here are the options to use with nessuscli.exe.

Usage: nessuscli []
Usage: nessuscli help
Fix Commands:
fix [--secure] --list
fix [--secure] --set
fix [--secure] --get
fix [--secure] --delete
fix --reset
Link Commands:
agent link --key= --cloud or --host= --port= [optional parameters]
agent unlink [--force]
agent status [--remote | --local]
agent update --file=
agent relink --host= --port= [cloud linked agents only]
Bug Reporting Commands:
bug-report-generator
bug-report-generator --quiet [--full] [--scrub]

Notice the options revolve around Fix, Link, and Bug Reporting. Link is what we used during the install process. I know that worked already since the nessuscli agent status command shows, “[info] [agent] Linked to: cloud.tenable.com:443”

The fix command

To add the Agent Group name of “SecurityTeam” to the installed agent, type nessuscli fix --group=SecurityTeam

Ok, now configure the scan job for the Agent Group. Start it, and check the agent status again

The tenable.io interface says the same thing, good sign.

Scan pending…