Tenable.io at NC State
Introduction
Tenable.io is a cloud-based vulnerability management solution powered by Nessus technology.
Updates: See "Latest Research and Insights on CVE-2021-44228 aka Log4Shell" for the latest Log4Shell updates from Tenable.
Getting Started
Learn the Basics
If you’re new to Nessus, take some time to review the basics using the following resources:
Request Access
To request access, submit a Tenable.io access approval request from the IT Service Portal. NOTE: Use your Unity credentials to log into Tenable.io as soon as your access is approved.
Install Nessus Agents
While Tenable.io uses a variety of sensors to assess vulnerabilities, Nessus Agent is the preferred sensor type because it produces more accurate results. To install Nessus Agent, use one of the approved CMS options or manually install Nessus Agent.
Start Scanning
Once Nessus Agents are installed and linked to our Tenable.io instance, they are ready to be scanned.
NOTE: Don’t worry if you don’t see your newly installed Nessus Agents immediately because new assets are created in Tenable.io only after hosts are first scanned. If you don’t already have an existing scan targeting your new Nessus Agent’s Agent Group, submit a ServiceNow request for OIT_SECURITY.
Frequently Asked Questions
What to do with false positives?
If you believe a vulnerability is a false positive, open a ServiceNow request for OIT_SECURITY with your evidence.
Which scoring system should I use?
See the System and Software Security Patching Standard for guidance.
How should vulnerabilities be prioritized?
While severity scoring systems are a good starting point, you need to consider additional factors when prioritizing vulnerability remediation. Data sensitivity is the most important factor, but you also need to consider exploit availability and network exposure when evaluating overall risk.
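One way to turn that guidance into a repeatable ordering, as an added illustration that is not part of the original page or of Tenable.io itself (the sensitivity and exposure scales, the hostnames and the sample findings are constructed assumptions):

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    plugin: str
    cvss: float            # scanner severity score: the starting point, not the answer
    data_sensitivity: int  # assumed scale: 0 = public, 1 = internal, 2 = sensitive/regulated
    exploit_available: bool
    network_exposure: int  # assumed scale: 0 = isolated, 1 = campus-only, 2 = internet-facing


def priority_key(f: Finding) -> tuple:
    """Order of precedence from the guidance above: data sensitivity first,
    then exploit availability, then network exposure; CVSS only breaks ties."""
    return (f.data_sensitivity, int(f.exploit_available), f.network_exposure, f.cvss)


def prioritize(findings: list[Finding]) -> list[Finding]:
    """Return findings in remediation order, most urgent first."""
    return sorted(findings, key=priority_key, reverse=True)


# Constructed sample findings (not real hosts or scan output).
SAMPLE = [
    Finding("lab-kiosk-01", "Outdated OpenSSL", 9.8, 0, True, 1),
    Finding("hr-db-02", "Missing DB patch", 6.5, 2, True, 1),
    Finding("www-03", "Web server flaw", 7.5, 1, False, 2),
    Finding("hr-db-02", "Weak cipher suite", 4.3, 2, False, 0),
]

if __name__ == "__main__":
    # The CVSS 9.8 finding on a public-data kiosk lands last; the sensitive
    # database host with an available exploit lands first.
    for f in prioritize(SAMPLE):
        print(f"{f.host:14} {f.plugin:20} cvss={f.cvss} key={priority_key(f)}")
```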
What if I can’t address a vulnerability?
Accept rules can be created in Tenable.io to accept the risk of a vulnerability: the finding is hidden for the acceptance period without modifying its severity. Once an accept rule expires, Tenable.io no longer hides the vulnerability and it reappears in results.
To create accept rules for systems that are in scope for PCI, send all ServiceNow requests to OIT_ISRA.
Who can accept the risk associated with vulnerabilities?
See the Data Management Framework web page for guidance.
What is the difference between network and agent scans?
Network assessments are performed over the network and can be either authenticated or unauthenticated. Nessus Agent assessments, by contrast, run on the host itself and are therefore always authenticated. Nessus Agent assessments are functionally equivalent to authenticated network scans without the overhead of network traffic. Agent scans are not always possible, however, because Nessus Agents are available only for Microsoft Windows, Linux, and macOS operating systems.
What is the performance impact of running Nessus Agents?
Tenable publishes performance metrics based on its own internal performance testing. Performance varies by environment, so your results may differ. See the Nessus Agents Performance website for details.
Getting Help
Please don’t hesitate to submit a ServiceNow request for OIT_SECURITY if you still have questions or need further assistance with Tenable.io.