Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Adding a Nessus Scheduled Live Scan

 

A live scan runs on your Nessus server and imports the result data from a temporary directory on the Nessus client that contains the scan report data.

  1. Click the Admin tab.
  2. Click the VA Scanners icon.
  3. Click Add.
  4. In the Scanner Name field, type a name to identify your Nessus scanner.
  5. From the Managed Host list, select the managed host that manages the scanner import.
  6. From the Type list, select Nessus Scanner.
  7. From the Collection Type list, select Scheduled Live Scan.
  8. Configure the following parameters:

    Parameter

    Description

    Server Username

    The user name to access Nessus server.

    Server Password

    Your Nessus server password must not contain the exclamation mark (!) character or authentication failures can occur over SSH.

    Client Temp Dir

    The directory path of the Nessus client that JSA can use to store temporary files.

    JSA uses the temporary directory on the Nessus client to upload scan targets and read scan results. Temporary files are removed from the temporary directory when the scan completes and the scan report is downloaded.

    Nessus Executable

    The directory path to the executable file on the Nessus server.

    Nessus Configuration File

    The directory path to the Nessus configuration file on the Nessus client.

    Client Hostname

    The host name or IP address of the Nessus client.

    Client SSH Port

    The SSH port on the Nessus server that can be used to retrieve scan result files.

    Client Username

    The user name to authenticate the SSH connection.

    Client Password

    If the Enable Key Authentication field is enabled, the password is ignored.

    If the scanner is configured to use a password, the SSH scanner server that connects to JSA must support password authentication. If it does not, SSH authentication for the scanner fails. Ensure the following line is displayed in your /etc/ssh/sshd_config file: PasswordAuthentication yes. If your scanner server does not use OpenSSH, see the vendor documentation for the scanner configuration information.

    Private Key File

    The directory path to the key file. If a key file does not exist, you must create the vis.ssh.key file.

    CIDR Mask

    The size of the subnet that you want to scan. The value represents the largest portion of the subnet the scanner can scan at one time. The mask segments the scan to optimize the scan performance.

  9. To configure a CIDR range for your scanner:
    1. Type the CIDR range that you want this scanner to consider or click Browse to select a CIDR range from the network list.

    2. Click Add.

  10. Click Save.
  11. On the Admin tab, click Deploy Changes.