Tenable Nessus
Tenable Nessus is a vulnerability assessment solution that scans your organization's network and generates vulnerabilities based on the results of those scans. By integrating Tenable Nessus with Brinqa, you can bring in host and vulnerabilities data, giving you a more comprehensive view of your organization's attack surface. This can help you strengthen your cybersecurity posture and better protect against security threats.
This document details the information you must provide for the connector to authenticate with Tenable Nessus and how to obtain that information from Tenable. See create a data integration for step-by-step instructions on setting up the integration.
Required connection settings
When setting up a data integration, select Tenable Nessus from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Tenable Nessus with Brinqa:
-
Server URL: The Tenable Nessus Server URL. The URL format is
https://<server-name>:8834
. -
Access key and Secret key: The API keys associated with the Tenable Nessus user, which must have permissions to log in to the API server and return data.
Generate Tenable Nessus access key and secret key
For the Tenable Nessus connector to use the Nessus API, you must provide the access key and secret key to authenticate to the Nessus server. To do so, follow these steps:
-
Log in to your organization's Tenable Nessus account.
-
Navigate to Settings > My Account.
-
Click the API Keys tab and click Generate.
-
A confirmation dialog appears. Click Generate to display your new keys.
Your new access key and secret key display. You cannot view the keys again. Copy the API keys and save them in a secure location.
If you do not have the permissions to create API keys, contact your Tenable Nessus administrator. For additional information, see Tenable Nessus documentation.
Additional settings
The Tenable Nessus connector contains additional options for specific configuration:
-
Page size: The maximum number of records to get per API request. The default setting is 1000. It is not recommended to go over 1000.
-
Parallel requests: The maximum number of parallel API requests. The default setting is 8.
-
Maximum retries: The maximum number of times that the integration attempts to connect to the Nessus API before giving up and reporting a failure. The default setting is 10.
-
Skip certificate verification: Select this option to allow for untrusted certificates.
Types of data to retrieve
The Tenable Nessus connector can retrieve the following types of data from the Nessus API:
Table 1: Data retrieved from Tenable Nessus
Connector Object | Required | Maps to Data Model |
---|---|---|
Host | Yes | Host |
Scan | No | Not mapped |
Vulnerability | Yes | Vulnerability |
Vulnerability Definition | Yes | Vulnerability Definition |
For detailed steps on how to view the data retrieved from Tenable Nessus in the Brinqa Platform, see How to view your data.
Attribute mappings
Click the tabs below to view the mappings between the source and the Brinqa data model attributes.
Host
Table 2: Host attribute mappings
Source Field Name | Maps to Attribute |
---|---|
cpe | Local variable |
folderId | Local variable |
host-fqdn | publicDnsName, privateDnsName |
host-ip | publicIpAddresses, privateIpAddresses, ipAddresses |
HOST_END_TIMESTAMP | Local variable |
mac-address | macAddresses |
name | uid, hostnames |
netbios-name | name |
operating-system | description, os |
scanId | Local variable |
STATUS | status |
system-type | categories |
Vulnerability
Table 3: Vulnerability attribute mappings
Source Field Name | Maps to Attribute |
---|---|
folderId | Local variable |
HOST_END_TIMESTAMP | lastFound |
host-fqdn | publicDnsName, privateDnsName |
host-ip | ipAddresses |
mac-address | macAddresses |
name | targets |
netbios-name | hostnames |
pluginID | type |
plugin_output | results |
port | port |
protocol | protocol |
scanId | Local variable |
severity | severity, sourceSeverity |
svc_name | Local variable |
STATUS | status |
STATUS_CATEGORY | statusCategory |
UID | uid |
Vulnerability Definition
Table 4: Vulnerability Definition attribute mappings
Source Field Name | Maps to Attribute |
---|---|
cpe | affected |
cve | cveIds, cveRecords |
cvss3_base_score | cvssV3BaseScore |
cvss3_temporal_score | cvssV3TemporalScore |
cvss3_vector | cvssV3Vector |
cvss_base_score | cvssV2BaseScore |
cvss_temporal_score | cvssV2TemporalScore |
cvss_vector | cvssV2Vector |
cwe | cweIds, weaknesses |
description | description |
exploit_framework_ | exploits |
exploit_available | Local variable |
exploitability_ease | Local variable |
exploited_by_malware | Local variable |
family | categories |
in_the_news | Local variable |
patch_publication_date | patchAvailable |
plugin.id | uid |
plugin_name | Name |
plugin_publication_date | publishedDate |
plugin_type | Local variable |
risk_factor | sourceSeverity, severity, severityScore |
see_also | Local variable |
solution | recommendation |
synopsis | summary |
xref | references |
Local variable indicates that the field is processed within a specific context, such as a particular workflow or calculation. Unlike other attributes, local variables aren't mapped to the unified data models. They only exist on the source data model.
Operation options
The Tenable Nessus connector supports the following operation options. See connector operation options for information about how to apply them.
Table 5: Tenable Nessus connector operation options
Connector Object | Option | All Possible values | Description | Example |
---|---|---|---|---|
Host | folder_id | The unique number identifying the folder. | Limit the results to those in the specified folder. | Key: folder_id Value: 1234 . This key and value combination retrieves scans from folder '1234' to obtain information on hosts. |
Scan | folder_id | The unique number identifying the folder. | Limit the results to those in the specified folder. | Key: folder_id Value: 1234 . This key and value combination retrieves scans from folder '1234'. |
Vulnerability | folder_id | The unique number identifying the folder. | Limit the results to those in the specified folder. | Key: folder_id Value: 1234 . This key and value combination retrieves scans from folder '1234' to obtain information on vulnerabilities. |
last_modified_before | A Unix time stamp value in milliseconds. | Limit the results to those that have changed before this time. | Key: last_modified_before Value: 1676333860829 . This key and value combination retrieves scans that have changed before 2023 Feb 14 00:17:40 UTC to obtain information on vulnerabilities. | |
last_modified_after | A Unix time stamp value in milliseconds. | Limit the results to those that have changed since this time. | Key: last_modified_after Value: 1676333860829 . This key and value combination retrieves scans that have changed since 2023 Feb 14 00:17:40 UTC to obtain information on vulnerabilities. | |
plugin | Any supported Tenable Nessus plugin ID number or range of plugin IDs from 0-8388607. | Retrieves vulnerabilities that are related to the specified plugin ID or range of plugin IDs. Plugin IDs are separated by a dash - . | Key: plugin Value: 123456 . This key and value combination only retrieves vulnerabilities associated with plugin ID 123456 . | |
severity | Any number from 0-4. | Retrieves vulnerabilities based on their specified severity level. 0 = Informational, 1 = Low, 2 = Medium, 3 = High, and 4 = Critical. | Key: severity Value: 4 : This key and value combination only retrieves vulnerabilities with a severity level of 4 , or critical vulnerabilities. | |
Vulnerability definition | folder_id | The unique number identifying the folder. | Limit the results to those in the specified folder. | Key: folder_id Value: 1234 . This key and value combination retrieves scans from folder '1234' to obtain information on vulnerability definitions. |
The option keys and values are case-sensitive as they are shown in this documentation.
APIs
The Tenable Nessus connector uses the Nessus API. Specifically, it uses the following endpoints:
Table 6: Nessus API Endpoints
Connector Object | API Endpoints |
---|---|
Host | GET /scans |
GET /scans/{scan_id} | |
POST /scans/{scan_id}/export | |
GET /scans/{scan_id}/export/{file_id}/download | |
GET /scans/{scan_id}/export/{file_id}/status | |
Scan | GET /scans |
GET /scans/{scan_id} | |
Vulnerability | GET /scans |
GET /scans/{scan_id} | |
POST /scans/{scan_id}/export | |
GET /scans/{scan_id}/export/{file_id}/download | |
GET /scans/{scan_id}/export/{file_id}/status | |
Vulnerability Definition | GET /scans |
GET /scans/{scan_id} | |
GET /plugins/plugin |
Changelog
The Tenable Nessus connector has undergone the following changes:
Table 7: Tenable Nessus connector changelog
This connector is part of a bundled release with other connectors from the same vendor. If a version shows "No change", it means that the connector version was updated for consistency as part of the bundle, but no functional changes were made to this specific connector. You can update to or skip this version without affecting your existing configuration.
Version | Description | Date Published |
---|---|---|
3.1.33 | No change. | July 10th, 2025 |
3.1.32 | No change. | July 1st, 2025 |
3.1.31 | The Tenable connectors have been updated to reflect Tenable's product name changes. This change only affects the connector label and does not impact functionality. You can update without making any changes to your existing configurations. | June 10th, 2025 |
3.1.30 | No change. | May 22nd, 2025 |
3.1.29 | No change. | May 7th, 2025 |
3.1.28 | No change. | May 7th, 2025 |
3.1.27 | No change. | December 30th, 2024 |
3.1.26 | No change. | October 3rd, 2024 |
3.1.25 | No change. | September 30th, 2024 |
3.1.24 | No change. | September 5th, 2024 |
3.1.23 | No change. | July 26th, 2024 |
3.1.22 | No change. | July 16th, 2024 |
3.1.21 | No change. | May 31st, 2024 |
3.1.20 | No change. | April 10th, 2024 |
3.1.19 | No change. | February 22nd, 2024 |
3.1.18 | No change. | February 11th, 2024 |
3.1.17 | No change. | January 25th, 2024 |
3.1.16 | Addressed precision issues by changing the data type for CVSS scores from Float to Double. | January 18th, 2024 |
3.1.15 | - Changed the SOURCE_SEVERITY attribute type to string. - Added the SOURCE_SEVERITY_SCORE attribute to the Dynamic Code Finding Definition object. | December 17th, 2023 |
3.1.14 | No change. | October 2nd, 2023 |
3.1.13 | No change. | September 18th, 2023 |
3.1.12 | Added a new setting to configure maximum retries: Maximum retries. | September 12th, 2023 |
3.1.11 | No change. | August 10th, 2023 |
3.1.10 | No change. | August 5th, 2023 |
3.1.9 | No change. | July 27th, 2023 |
3.1.8 | No change. | July 27th, 2023 |
3.1.7 | No change. | July 27th, 2023 |
3.1.6 | No change. | July 27th, 2023 |
3.1.5 | Code clean up and general maintenance. | July 26th, 2023 |
3.1.4 | Code clean up and general maintenance. | July 21st, 2023 |
3.1.3 | No change. | July 19th, 2023 |
3.1.2 | Added a check for null or empty dates. | June 29th, 2023 |
3.1.1 | No change. | June 28th, 2023 |
3.1.0 | No change. | June 15th, 2023 |
3.0.16 | Code clean up and general maintenance. | June 11th, 2023 |
3.0.15 | Code clean up and general maintenance. | May 24th, 2023 |
3.0.14 | No change. | May 23rd, 2023 |
3.0.13 | Code clean up and general maintenance. | May 23rd, 2023 |
3.0.12 | Code clean up and general maintenance. | May 22nd, 2023 |
3.0.11 | No change. | May 6th, 2023 |
3.0.10 | No change. | April 21st, 2023 |
3.0.9 | No change. | April 20th, 2023 |
3.0.8 | No change. | April 11th, 2023 |
3.0.7 | No change. | March 28th, 2023 |
3.0.6 | No change. | March 27th, 2023 |
3.0.5 | Added the PATCH_PUBLICATION_DATE attribute to the Vulnerability Definition object. | March 6th, 2023 |
3.0.4 | No change. | March 3rd, 2023 |
3.0.3 | No change. | February 21st, 2023 |
3.0.2 | Initial Integration+ release. | February 3rd, 2023 |