The Tenable agents are installed on the endpoint, a Windows 10 Pro laptop in this case. The agent reports back to cloud.tenable.com and not a local on-prem Nessus.SC installation. This is good for remote machines since a VPN is not required.
Install the agents
- Download the agent installer from https://www.tenable.com/downloads/nessus-agents
- Log into tenable.io at https://cloud.tenable.com
- Make sure you are in the “New Interface”
- Click the hamburger menu (upper left = menu)
- Click Settings
- Click Sensors
- Click Agents
- Click Add Agent
- Copy the Linking Key (e.g. fake1234258622fakeb9f0d10fake695f653cde212dffb1653b6dcade33f94
- Note that the host = cloud.tenable.com
- Install the agent either manually via via the deployment method of choice.
- I’ve found that nessuscli.exe is the easiest way to get them working. Located in the C:\Program Files\Tenable\Nessus Agent> folder
Troubleshooting the Agents
After completing the steps above, I keep getting Aborted as a scan result. I think this is because I forgot to tell the agent what Agent Group it is a part of. Now what?!
The best way to t-shoot agent issues, is with the NessusCli. Again, it’s typically located in the C:\Program Files\Tenable\Nessus Agent> folder.
Here are the options to use with nessuscli.exe.
Usage: nessuscli 
Usage: nessuscli help
fix [--secure] --list
fix [--secure] --set
fix [--secure] --get
fix [--secure] --delete
agent link --key= --cloud or --host= --port= [optional parameters]
agent unlink [--force]
agent status [--remote | --local]
agent update --file=
agent relink --host= --port= [cloud linked agents only]
Bug Reporting Commands:
bug-report-generator --quiet [--full] [--scrub]
Notice the options revolve around Fix, Link, and Bug Reporting. Link is what we used during the install process. I know that worked already since the nessuscli agent status command shows, “[info] [agent] Linked to: cloud.tenable.com:443”
The fix command
To add the Agent Group name of “SecurityTeam” to the installed agent, type
nessuscli fix --group=SecurityTeam
Ok, now configure the scan job for the Agent Group. Start it, and check the agent status again
The tenable.io interface says the same thing, good sign.