
Tenable Nessus
Vulnerability Management- Overview
- Setup
- Data & mappings
- Operations & API
- Changelog
The Tenable Nessus connector integrates with a Tenable Nessus scanner to synchronize scanned host assets, scan metadata, vulnerability findings, and plugin-based vulnerability definitions into the Brinqa platform. The connector enumerates scan folders and scans, exports each scan's completed history as a Nessus XML report, and streams the report to extract hosts and vulnerability findings. Plugin details are retrieved separately to build vulnerability definitions.
Data retrieved from Tenable Nessus
| Connector Object | Required | Maps to Data Model |
|---|---|---|
| Host | Yes | Host |
| Scan | Yes | Scan |
| Vulnerability | Yes | Vulnerability |
| Vulnerability Definition | Yes | Vulnerability Definition |
Model relationships
For detailed steps on how to view the data retrieved from Tenable Nessus in the Brinqa Platform, see How to view your data.
Connection settings
When setting up a data integration, select Tenable Nessus from the Connector dropdown and provide the following:
| Setting | Required | Default | Description |
|---|---|---|---|
| Server URL | Yes | — | Tenable Nessus server URL, e.g https://server-name:8834 |
| Access Key | Yes | — | Tenable Nessus API account access key |
| Secret Key | Yes | — | Tenable Nessus API account secret key |
| Page size | No | 1000 | Maximum number of records to get per API request |
| Parallel requests | No | min(8, available processors) | Maximum number of parallel API requests |
| Maximum retries | No | 10 | The maximum number of retry attempts before giving up a request |
| SSL / TLS | No | false | Skip certificate verification |
Authentication
Method
API Key authentication using an Access Key and Secret Key pair.
Endpoint
| Method | URL |
|---|---|
GET / POST | {url}/* |
{url} is the base URL of the Nessus scanner (the url configuration property).
Request Headers
| Header | Value |
|---|---|
X-ApiKeys | accessKey={accessKey}; secretKey={secretKey} |
Usage
Every API request carries the API key pair in the X-ApiKeys header. No separate token exchange or login step is required. Connectivity is verified by issuing a request to the session endpoint.
How to obtain Tenable Nessus credentials
Generate Tenable Nessus access key and secret key
For the Tenable Nessus connector to use the Nessus API, you must provide the access key and secret key to authenticate to the Nessus server. To do so, follow these steps:
-
Log in to your organization's Tenable Nessus account.
-
Navigate to Settings > My Account.
-
Click the API Keys tab and click Generate.
-
A confirmation dialog appears. Click Generate to display your new keys.
Your new access key and secret key display. You cannot view the keys again. Copy the API keys and save them in a secure location.
Note: If you do not have the permissions to create API keys, contact your Tenable Nessus administrator. For additional information, see Tenable Nessus documentation.
Attribute mappings
Expand the sections below to view the mappings between the source and the Brinqa data model attributes:
Host
| Source Field Name | SDM Attribute |
|---|---|
cpe | OS_CPE |
| host-fqdn | PUBLIC_DNS_NAMES |
| host-fqdn | PRIVATE_DNS_NAMES |
| host-ip | IP_ADDRESSES |
| host-ip | PUBLIC_IP_ADDRESSES |
| host-ip | PRIVATE_IP_ADDRESSES |
| HOST_END_TIMESTAMP | LAST_ASSESSED |
Instant.now() | LAST_CAPTURED |
| mac-address | MAC_ADDRESSES |
name | HOSTNAMES |
| name + operating-system | DESCRIPTION |
| name / host-fqdn / netbios-name / host-ip | NAME |
| operating-system | OPERATING_SYSTEM |
ReportHost.name | UID |
| scan folder id | FOLDER_ID |
| scan history UUID | SCAN_ID |
| system-type + constant | CATEGORIES |
Scan
| Source Field Name | SDM Attribute |
|---|---|
| scan history creation_date | Creation date |
| scan history last_modification_date | Last modified |
| scan history status | Status |
| scan history UUID | Sys ID |
| scan report Preferences plugin selection | Plugins |
scan.folder.id | Folder ID |
scan.folder.name | Folder name |
scan.info.uuid | Scan UUID |
scan.name | Name |
Vulnerability
| Source Field Name | SDM Attribute |
|---|---|
constant | STATUS |
| derived from status | STATUS_CATEGORY |
| host name | TARGETS |
| host-fqdn | PUBLIC_DNS_NAMES |
| host-fqdn | PRIVATE_DNS_NAMES |
| host-ip | IP_ADDRESSES |
| HOST_END_TIMESTAMP | LAST_FOUND |
Instant.now() | LAST_CAPTURED |
| mac-address | MAC_ADDRESSES |
MD5(pluginID, host name, host-ip, host-fqdn, netbios-name, mac-address, svc_name, port, protocol) | UID |
| netbios-name | HOSTNAMES |
| plugin_output | RESULTS |
pluginID | TYPE |
port | PORT |
protocol | PROTOCOL |
| scan folder id | FOLDER_ID |
| scan history UUID | SCAN_ID |
severity | SEVERITY |
severity | SEVERITY_SCORE |
severity | SOURCE_SEVERITY |
severity | SOURCE_SEVERITY_SCORE |
| svc_name | SERVICE |
Vulnerability Definition
| Source Field Name | SDM Attribute |
|---|---|
cpe | AFFECTED |
cve | CVE_IDS / CVE_RECORDS |
| cvss3_base_score | CVSS_V3_BASE_SCORE |
| cvss3_temporal_score | CVSS_V3_TEMPORAL_SCORE |
| cvss3_vector | CVSS_V3_VECTOR, CVSS_V3_AC, CVSS_V3_AI, CVSS_V3_AV, CVSS_V3_CI, CVSS_V3_E, CVSS_V3_II, CVSS_V3_PR, CVSS_V3_RC, CVSS_V3_RL, CVSS_V3_SEVERITY, CVSS_V3_UI |
| cvss_base_score | CVSS_V2_BASE_SCORE |
| cvss_temporal_score | CVSS_V2_TEMPORAL_SCORE |
| cvss_vector | CVSS_V2_VECTOR, CVSS_V2_AC, CVSS_V2_AI, CVSS_V2_AU, CVSS_V2_AV, CVSS_V2_CI, CVSS_V2_E, CVSS_V2_II, CVSS_V2_RC, CVSS_V2_RL, CVSS_V2_SEVERITY |
cwe | CWE_IDS / WEAKNESSES |
description | DESCRIPTION |
| exploit_available | EXPLOIT_AVAILABLE |
| exploit_framework_* | EXPLOITS |
| exploitability_ease | EXPLOIT_EASE |
| exploited_by_malware | EXPLOITED_BY_MALWARE |
| in_the_news | IN_THE_NEWS |
Instant.now() | LAST_CAPTURED |
| patch_publication_date | PATCHABLE |
| patch_publication_date | PATCH_PUBLICATION_DATE |
| plugin family | CATEGORIES |
plugin.id | UID |
| plugin_name | NAME |
| plugin_publication_date | PUBLISHED_DATE |
| plugin_type | PLUGIN_TYPE |
| risk_factor | SOURCE_SEVERITY / SOURCE_SEVERITY_SCORE |
| risk_factor | SEVERITY / SEVERITY_SCORE |
| see_also | SEE_ALSO |
solution | RECOMMENDATION |
synopsis | SUMMARY |
xref | REFERENCES |
Operations & API
Expand each connector object to see its operation options, delta-sync behavior, and the API it uses. See connector operation options for how to apply operation options (keys and values are case-sensitive).
Host
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint (Nessus XML report export)
Scan
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint (Nessus XML report export)
Vulnerability
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint (Nessus XML report export)
Vulnerability Definition
Operation options
This object does not support any operation options.
Delta sync
The connector README does not document sync behavior for this object.
API
- Type: REST endpoint (JSON)
Changelog
The Tenable Nessus connector has undergone the following changes:
| Version | Description | Migration Steps |
|---|---|---|
| 3.1.50 | No changes in this release. | N/A |
| 3.1.49 | Bug Fixes - Vulnerability Definition — The "Exploit available" attribute is now stored as a true/false value, consistent with the other Tenable connectors (Tenable SC, Tenable IO VM/WAS). Previously it was stored as free text, which prevented its values from being consolidated with the same attribute reported by those connectors. | • Vulnerability Definition: the "Exploit available" attribute changed from text to a true/false value. Re-sync the Tenable Nessus connector to repopulate these records with the corrected type. |
| 3.1.48 | Bug Fixes - Vulnerability — Corrected the "Last found" attribute to be stored as a proper timestamp (the scan-end timestamp was being stored as a number). - Host — Corrected the "Last assessed" attribute to be stored as a proper timestamp (the scan-end timestamp was being stored as a number). | • Vulnerability / Host: the date attributes listed above changed from numbers to timestamps. Re-sync the Tenable Nessus connector to repopulate these records with the corrected type. |
| 3.1.47 | No changes in this release. | N/A |
| 3.1.46 | Improvements Dependency Upgrades - Refreshed internal model and CVSS scoring libraries to the latest stable releases to pick up upstream fixes and stay aligned with the rest of the Brinqa connector platform. Cross-Connector Attribute Consolidation - Every connector-defined custom attribute now participates in cross-connector consolidation by default. When the same asset or finding is observed by another connector, Brinqa will merge values for these attributes consistently rather than treating each connector's values as independent. | • Re-sync the connector after upgrading so that previously synced records pick up the new consolidation mappings. Existing data remains intact; the re-sync ensures consolidated values for assets and findings shared with other connectors converge correctly. |
| 3.1.45 — Withdrawn | This release shipped a regression and has been superseded by 3.1.46. Customers should skip 3.1.45 and upgrade directly from 3.1.44 to 3.1.46. | N/A |
| 3.1.44 | Improvements Dependency Upgrades - Upgraded internal framework and storage libraries to the latest stable versions for improved reliability, security patches, and alignment with the rest of the connector platform. | N/A |
| 3.1.43 | No changes in this release. | N/A |
| 3.1.42 | No changes in this release. | N/A |
| 3.1.41 | New Features - Host / Vulnerability / Vulnerability Definition — Added a "Last captured" attribute that records the time each record was observed during a sync, making it easier to see how recently Brinqa last saw a given asset, finding, or finding definition. | N/A |
| 3.1.40 | No changes in this release. | N/A |
| 3.1.39 | Improvements - Added handling for HTTP 504 (Gateway Timeout) responses from Tenable Nessus. Affected requests are now logged and skipped rather than failing the entire sync, improving resilience when the Nessus server is temporarily overloaded. | N/A |
| 3.1.38 | No changes in this release. | N/A |
| 3.1.37 | No changes in this release. | N/A |
| 3.1.36 | No changes in this release. | N/A |
| 3.1.35 | No changes in this release. | N/A |
| 3.1.34 | No changes in this release. | N/A |
| 3.1.33 | No changes in this release. | N/A |
| 3.1.32 | Improvements - Added automatic retry and graceful skip handling for HTTP 503 (Service Unavailable) responses from Tenable Nessus, so transient server-side unavailability no longer aborts an in-progress sync. | N/A |
| 3.1.31 | No changes in this release. | N/A |
| 3.1.30 | No changes in this release. | N/A |
| 3.1.29 | No changes in this release. | N/A |
| 3.1.28 | No changes in this release. | N/A |
| 3.1.27 | No changes in this release. | N/A |
| 3.1.26 | No changes in this release. | N/A |
| 3.1.25 | No changes in this release. | N/A |
| 3.1.24 | No changes in this release. | N/A |
| 3.1.23 | Bug Fixes - Vulnerability Definition — Fixed CVSS v3 metric parsing: the detailed CVSS v3 fields (attack vector, complexity, privileges required, severity, etc.) were previously derived from the CVSS v2 vector and could be incorrect or missing. They are now parsed from the correct CVSS v3 vector. Parsing was also hardened to tolerate vendor-specific vector prefixes and malformed vectors without dropping the record. | • Vulnerability Definition: re-sync the connector to repopulate the corrected CVSS v3 metric attributes on existing finding definitions. |
| 3.1.22 | No changes in this release. | N/A |
| 3.1.21 | No changes in this release. | N/A |
| 3.1.20 | No changes in this release. | N/A |
| 3.1.19 | No changes in this release. | N/A |
| 3.1.18 | No changes in this release. | N/A |
| 3.1.17 | No changes in this release. | N/A |
| 3.1.16 | Bug Fixes - Vulnerability Definition — CVSS v2 and v3 base and temporal scores are now stored as full-precision decimal values instead of single-precision floats, eliminating small rounding artifacts in scores. | • Vulnerability Definition: the CVSS base and temporal score attributes changed from a single-precision to a double-precision numeric type. Re-sync the connector to repopulate these scores with the corrected type. |
| 3.1.15 | New Features - Vulnerability / Vulnerability Definition — Added a normalized severity score and a source severity score, providing numeric severity values alongside the existing severity labels. Improvements - Vulnerability — The source severity attribute now carries the raw severity value reported by Nessus rather than a derived numeric code, making it consistent with the underlying scan data. | • Vulnerability: the source severity attribute's stored values changed. Re-sync the connector so existing findings reflect the corrected source severity and the new severity score attributes. |
| 3.1.14 | No changes in this release. | N/A |
| 3.1.13 | No changes in this release. | N/A |
| 3.1.12 | Improvements - Added a configurable "Max retries" connection setting (default 10) that controls how many times a failed Tenable Nessus API request is retried before giving up. Errors flagged as non-retryable now fail fast instead of being retried unnecessarily. | N/A |
| 3.1.11 | No changes in this release. | N/A |
| 3.1.10 | No changes in this release. | N/A |
| 3.1.9 | No changes in this release. | N/A |
| 3.1.8 | No changes in this release. | N/A |
| 3.1.7 | No changes in this release. | N/A |
| 3.1.6 | No changes in this release. | N/A |
| 3.1.5 | No changes in this release. | N/A |
| 3.1.4 | No changes in this release. | N/A |
| 3.1.3 | No changes in this release. | N/A |
| 3.1.2 | No changes in this release. | N/A |
| 3.1.1 | No changes in this release. | N/A |
| 3.1.0 | No changes in this release. | N/A |
| 3.0.16 | No changes in this release. | N/A |
| 3.0.15 | No changes in this release. | N/A |
| 3.0.14 | No changes in this release. | N/A |
| 3.0.13 | No changes in this release. | N/A |
| 3.0.12 | No changes in this release. | N/A |
| 3.0.11 | No changes in this release. | N/A |
| 3.0.10 | No changes in this release. | N/A |
| 3.0.9 | No changes in this release. | N/A |
| 3.0.8 | No changes in this release. | N/A |
| 3.0.7 | No changes in this release. | N/A |
| 3.0.6 | No changes in this release. | N/A |
| 3.0.5 | Improvements - Vulnerability Definition — Patch information is now reported more clearly: a dedicated "Patch publication date" attribute replaces the previous "Patch published" attribute, and a "Patch available" indicator is set whenever a patch publication date is present. | • Vulnerability Definition: the "Patch published" attribute was renamed to "Patch publication date". Values stored under the old attribute name remain in place but are no longer updated. Re-sync the connector so finding definitions populate the new attribute. |
| 3.0.4 | Improvements - Vulnerability Definition — Severity is now expressed as a standardized severity score attribute, aligning Tenable Nessus with the severity scoring used across other Brinqa connectors. | • Vulnerability Definition: the previous severity-number attribute was replaced by a standardized severity-score attribute, and the scoring scale changed. Re-sync the connector so existing finding definitions are repopulated with the new severity score. |
| 3.0.3 | No changes in this release. | N/A |
| 3.0.2 | Overview The Tenable Nessus connector integrates with Tenable Nessus to synchronize scanned hosts, completed scans, and the vulnerabilities and vulnerability definitions discovered during scanning. Category: Vulnerability Management Models | N/A |