If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
You can now use Tenable Nessus Manager to create and manage agent profiles in the new Sensors > Agent Profiles menu. You can use agent profiles to apply specific product versions to groups of linked agents.
Addressed a vulnerability in which the Windows Tenable Nessus setup process could have failed to set proper access rights for the installation folder if you chose a custom installation path during installation.
Resolved a stored XSS vulnerability in which an authenticated remote attacker with administrator privileges in Tenable Nessus could alter proxy settings, which could lead to the execution of remote arbitrary scripts.
First off, I'm surprised no-one has mentioned this yet, but the main issue with the EA you posted is that it's not an EA. Extension Attributes only work if some string or result of a command is output (usually echoed) between <result> and </result> tags. Otherwise the EA for your Macs will remain blank in your console forever.
But outside of that, if you still need some help in getting a working EA together, I'll post the old ones I used to use as well. We no longer use Nessus where I am, but when we did, this was the Extension Attribute I had for the version:
I also had this EA for capturing its status, as in Installed (Running + Connected etc.) or what the status was. I have no idea if this even works anymore with the current Nessus agent version, but you can try it in case it interests you.
Hey everyone. I tried several/all of these solutions above and I am not having much luck. Either I am getting hardly any version information or, more importantly, my results are coming back showing that the Tenable agent is installed on all of my fleet, which is not true. Any ideas of what is happening?
However, when we try to install any of these updates on the machine we get a message to say that this update is already installed. Furthermore, our WSUS server also reports that none of these updates are required by our machine. To avoid any doubt I sent the machine straight out to MS Update via the internet but again, it reports no updates are required.
Nessus should show you what it is doing to detect the presence of each vulnerability; normally, for Office updates, it should show you the version number of a specific file like excel.exe, which should mean it is fairly easy to manually check.
This is one reason I hate the old Office update method, as you end up chasing issues like this where it thinks it is up to date because the most recent KB is installed but it is actually missing older updates. One nice thing with Office 365 / 2019 is the move to updates that check for all changed files, so you can have more confidence that Office is actually up to date and not missing anything (since the May update includes every previous update too).
I have a bit of confusion going on here at work. I and a handful of engineers believe that Nessus (being a port scanner as far as we know) won't care one bit that I wish to rename the tomcat directory on our server from /usr/java/apache-tomcat-5.5.33 to /usr/java/apache-tomcat.
That's the actual vulnerability report. If it got the info from the tomcat banner, it could have done that through the open web service port, in which case there are no credentials and it doesn't care where the tomcat directory actually lives. That doesn't mean that there aren't credentials, though; it just means it's possible it got that info without them. You could try moving it and rescanning to see if it detects the vuln, or edit the scan and select the "Policy / Credential" section, where you can see if there are credentials specified for that particular scan.
I've been searching for a couple days, even contacting support, to find out if Nessus has a bundle that scans for PCI compliance. It selects all 44 categories and regardless of what kind of scan I create (under policies) this is the default selection. Because this is the HTML5 version there seems to be very little documentation/resources online.
Does anyone know the minimal requirements? I've done a filter search for any plugin that has the name "PCI" and this takes it down to a handful but I'm not sure if this excludes a ton of things either.
There exists a policy shipped as part of the distribution service called "Prepare for PCI-DSS audits (section 11.2.2)". This is a policy that has all plugins enabled, TCP scan of all ports, safe checks enabled, web tests enabled, the PCI-DSS setting enabled, and several other things that are less important. I would recommend copying this policy to something else and modifying it instead.
Many of the checks used are local, so you will definitely need to add credentials for an account that has Administrator or root level privileges. For Windows that user should be a Domain Admin or be in the Local Administrators group. For Linux/UNIX the user should have escalation rights; this would be sudo, su, enable, or whatever your distribution uses.
You also need to take into account what type of services the target host is running. Is that server hosting a web application? Web testing is enabled, but it will likely require authentication to use. If your website is using form based auth, then you can go to the 'Preferences' tab, from the drop down select "HTTP login page" and configure it from there. If it's doing Basic Auth then pick the "Login configurations" drop down. Is your server hosting a database? Go to the "Database settings" page and punch in the right values.
You should also look into the various and sundry audit policies. If you log into the Support Center and go to the Downloads page you'll see a link for "PCI Audit Policies". That contains audit policies for many different operating systems. Download the appropriate one and add it to your scan. All of the audits are added, and configured, within the "Preferences" tab. Just pick the appropriate entry from the drop-down box for whatever policy you're using. While you're at it, look through the other audit policies as well. They're mostly based off DISA STIGs, CIS documents, or FSMA. However, some are written against best practices documents published by the vendors, such as the PostgreSQL audits. Some of the audits may require local customizations, so be wary of taking the PASS/FAIL marks as Truth. Keep in mind that the audits are only available to ProfessionalFeed customers (you are a ProfessionalFeed customer, right?).