Nessus Professional

Tenable Nessus

The Nessus integration allows the Praetorian Guard Platform (PGP) to ingest vulnerability data directly from your Nessus Professional deployment, providing a unified view of your security posture. The Nessus integration with PGP offers two flexible methods for incorporating vulnerability data into your security program: continuous API integration and point-in-time file imports.

Through the API integration, PGP continuously synchronizes with your Nessus Professional deployment, providing real-time visibility into vulnerability scan results. This allows for automated, ongoing monitoring of your security posture without manual intervention.

For organizations that prefer periodic assessments or have air-gapped environments, PGP also supports importing Nessus scan results directly from exported files. This enables teams to perform point-in-time analysis or maintain security data in environments with restricted network access.

Both methods enable PGP to track and analyze vulnerabilities across your assets while maintaining the context of their severity and impact.

What the Integration Does

The Nessus integration performs the following operations during each API sync cycle:

  • Retrieves scan list — Queries the Nessus API for all available scans in the instance.

  • Enumerates hosts — For each scan, retrieves the list of scanned hosts and their host IDs.

  • Imports host data as assets — For each host, extracts the IP address and FQDN (if available) and creates an asset record in PGP. When a host has a fully qualified domain name, PGP uses the FQDN as the primary identifier; otherwise, the IP address is used.

  • Imports vulnerabilities as risks — For each host, retrieves all vulnerability findings with a severity greater than zero (informational findings are excluded). Each vulnerability is imported as a risk associated with the corresponding asset.

  • Retrieves plugin details — For each vulnerability, fetches the full plugin output including the description and detailed findings, which are attached as proof to the risk record.

All operations are strictly read-only. PGP does not create, modify, or delete any scans, policies, or configurations in Nessus.

Prerequisites

Before configuring the Nessus integration, ensure you have:

  • Nessus Professional installed and running with accessible network connectivity from PGP

  • API access keys generated from your Nessus instance (for API integration)

  • At least one completed scan with results available

Continuous integration using the API

To enable the continuous integration between PGP and Nessus, you'll need to generate API credentials from your Nessus Professional instance.

Generating Nessus API Keys

API keys are created in Nessus itself, and you need administrator access to the Nessus Professional portal to do so. To generate an API key:

  1. In Tenable Nessus, in the top navigation bar, click Settings. The About page appears.

  2. In the left navigation bar, click My Account. The My Account page appears.

  3. Click the API Keys tab.

  4. Click Generate. A dialog box appears, confirming your selection to generate a new API key. After you confirm, your new API key appears.

     Note: After clicking the Generate button, a warning window notifies you that any previously generated keys will no longer be valid once new API keys are generated.

     Notice: API keys are only presented upon initial generation. Store them in a safe location, as they cannot be retrieved later and will need to be regenerated if lost.

Configuring the Integration in PGP

Moving over to your PGP instance, the integration process is straightforward. Look for the Integrations section in the left navigation menu - you'll find it under the Administration heading near the bottom.

Click on "Add Integration" to see all available integration options.

You can easily locate the Nessus integration either by using the search function or by browsing the Vulnerability Management section of the integration cards.

When you click "Connect" on the Nessus card, you'll see a configuration popup where you can enter:

  • Nessus API URL - The API URL for your Nessus Professional instance. The expected format is https://ip:port or https://domain.tld:port. The default port used by Nessus Professional is 8834.

  • Access key - Your 64-character Tenable access key.

  • Secret key - Your 64-character Tenable secret key.

Once you've entered these details and saved, PGP connects to your Nessus instance and begins syncing. The integration will automatically:

  • Pull scan results from Nessus scans

  • Map discovered vulnerabilities to assets in PGP

  • Import vulnerability severity levels and details

  • Track vulnerability proofs and outputs

  • Associate port and protocol information with discovered services

Importing Nessus Scan Results

PGP allows you to import scan results directly from a Nessus export file. Importing your Nessus scan data starts in your Nessus console. Once you log in, you will see "My Scans", which lists the scans that are available for export.

Clicking on export will open the following:

Choose the CSV option and click Generate Report. This will produce a .nessus file.

Moving over to your PGP instance, the integration process is straightforward. Look for the Integrations section in the left navigation menu - you'll find it under the Administration heading near the bottom.

Click on "Add Integration" to see all available integration options.

You can easily locate the Nessus integration either by using the search function or by browsing the Vulnerability Management section of the integration cards.

When you click "Connect" on the Nessus card, you'll see a configuration popup. Either drag and drop the .nessus export file into it, or click Choose Files to select it from your local system:

When you upload the file, PGP processes the scan data comprehensively. It extracts all the key information about your assets, including both IP addresses and fully qualified domain names (FQDNs). The system analyzes each vulnerability finding, capturing details like risk levels, technical specifications, and proof of findings. To keep things focused on actionable items, PGP automatically filters out informational findings.

After processing completes, you'll find all your imported data in your PGP account. Each vulnerability is presented with its risk rating, a synopsis of the issue, and the technical evidence captured during the scan. This gives you a clear view of your security posture based on the Nessus scan results.
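As an added example (not PGP's or Tenable's own code), the following script parses a .nessus export into the asset and risk records described above: FQDN preferred as the asset name with the IP as fallback, informational (severity 0) items dropped, and the description and plugin output carried along as comment and proof. The element and attribute names follow the NessusClientData_v2 file format; the sample document, its hosts and its plugin IDs are constructed for this example and are not real findings.

```python
# Added example (not PGP's or Tenable's code): parse a .nessus export into the
# asset and risk records described above. Element and attribute names follow
# the NessusClientData_v2 format; the sample document is constructed for this
# example and its hosts and plugin IDs are not real findings.
import xml.etree.ElementTree as ET

SEVERITY_LABELS = {0: "Informational", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Constructed sample export: one host with an FQDN and one without, plus one
# severity-0 item that the import should drop.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="example-scan">
    <ReportHost name="10.0.0.5">
      <HostProperties>
        <tag name="host-ip">10.0.0.5</tag>
        <tag name="host-fqdn">web01.example.test</tag>
      </HostProperties>
      <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
                  pluginID="10001" pluginName="Example TLS weakness">
        <description>Constructed description of a TLS finding.</description>
        <plugin_output>Constructed plugin output for 443/tcp.</plugin_output>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="10002" pluginName="Example informational plugin">
        <description>Informational only.</description>
        <plugin_output>Nothing actionable.</plugin_output>
      </ReportItem>
    </ReportHost>
    <ReportHost name="10.0.0.6">
      <HostProperties>
        <tag name="host-ip">10.0.0.6</tag>
      </HostProperties>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="1"
                  pluginID="10003" pluginName="Example SSH configuration issue">
        <description>Constructed description of an SSH finding.</description>
        <plugin_output>Constructed plugin output for 22/tcp.</plugin_output>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return (assets, risks) built the way the page describes the import:
    FQDN preferred as asset name, IP as fallback, severity-0 items excluded."""
    root = ET.fromstring(xml_text)
    assets, risks = [], []
    for host in root.iter("ReportHost"):
        props = host.find("HostProperties")
        tags = {} if props is None else {
            t.get("name"): (t.text or "").strip() for t in props.findall("tag")
        }
        ip = tags.get("host-ip") or host.get("name")
        fqdn = tags.get("host-fqdn")
        asset_name = fqdn or ip
        assets.append({"name": asset_name, "ip": ip, "fqdn": fqdn})
        for item in host.findall("ReportItem"):
            severity = int(item.get("severity", "0"))
            if severity == 0:
                continue  # informational findings are not imported
            risks.append({
                "asset": asset_name,
                "name": item.get("pluginName"),
                "plugin_id": item.get("pluginID"),
                "severity": severity,
                "triage": SEVERITY_LABELS.get(severity, "Unknown"),
                "service": f"{item.get('port')}/{item.get('protocol')} ({item.get('svc_name')})",
                "comment": (item.findtext("description") or "").strip(),
                "proof": (item.findtext("plugin_output") or "").strip(),
            })
    return assets, risks


def load_nessus_file(path):
    """Parse a .nessus file exported from the Nessus console."""
    with open(path, "r", encoding="utf-8") as fh:
        return parse_nessus(fh.read())


if __name__ == "__main__":
    assets, risks = parse_nessus(SAMPLE_NESSUS)
    print(f"{len(assets)} assets, {len(risks)} risks")
    for r in risks:
        print(f"{r['asset']:20} {r['triage']:8} {r['name']} [{r['service']}]")
```

Running the script against a real export (`load_nessus_file("export.nessus")`) gives you a quick local preview of what PGP will ingest, which is a useful sanity check before uploading: if the host list or the count of non-informational findings looks wrong here, the problem is in the scan or export, not in the import.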

What Data Is Synced

Assets

PGP creates asset records for each host discovered in Nessus scans.

| Nessus Field | PGP Field | Description |
| --- | --- | --- |
| host-fqdn | Asset name | Fully qualified domain name of the scanned host (preferred) |
| host-ip | Asset IP | IP address of the scanned host (used as name if no FQDN) |

Risks

PGP creates risk records for each vulnerability finding with a severity level above zero.

| Nessus Field | PGP Field | Description |
| --- | --- | --- |
| plugin_name | Risk name | The name of the Nessus plugin that detected the vulnerability |
| description | Risk comment | Detailed description of the vulnerability from the plugin attributes |
| plugin_output | Risk proof | Raw plugin output providing evidence and technical details of the finding |
| severity | Risk triage | Nessus severity level (findings with severity 0 are excluded) |

Severity Mapping

Nessus findings are imported with the following severity filtering:

| Nessus Severity | Description | Imported |
| --- | --- | --- |
| 0 | Informational | No |
| 1 | Low | Yes |
| 2 | Medium | Yes |
| 3 | High | Yes |
| 4 | Critical | Yes |

API Endpoints Used

The integration uses the following Nessus REST API endpoints. All requests are authenticated using the X-ApiKeys header with the configured access key and secret key.

| Method | Endpoint | Purpose |
| --- | --- | --- |
| GET | /scans | Retrieves the list of all scans |
| GET | /scans/{scan_id} | Retrieves scan details including host list |
| GET | /scans/{scan_id}/hosts/{host_id} | Retrieves host details and vulnerability list |
| GET | /scans/{scan_id}/hosts/{host_id}/plugins/{plugin_id} | Retrieves plugin details and output for a specific finding |
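As an added example (not PGP's own code), the following script walks the four endpoints above in the same order as the sync cycle described under "What the Integration Does": scans, then hosts, then each host's vulnerability list, then plugin output for every finding with severity above zero. Requests authenticate with the X-ApiKeys header. The JSON response shapes are assumed from Tenable's public Nessus API documentation; the `FAKE_RESPONSES` transport, its scan and host IDs and its plugin IDs are constructed so the example runs offline.

```python
# Added example (not PGP's own code): walk the four Nessus REST endpoints listed
# above with X-ApiKeys authentication and build the asset and risk records the
# sync cycle produces. Response shapes are assumed from Tenable's public Nessus
# API documentation; the fake transport and its data are constructed so the
# example runs offline.
import json
import ssl
import urllib.request

DEFAULT_PORT = 8834
SEVERITY_LABELS = {0: "Informational", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}


def make_http_get(base_url, access_key, secret_key, ca_file=None):
    """Return a get(path) callable for a real Nessus instance.

    ca_file lets you trust a self-signed Nessus certificate by pinning its
    PEM rather than turning certificate verification off."""
    ctx = ssl.create_default_context(cafile=ca_file)
    headers = {
        "X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}",
        "Accept": "application/json",
    }

    def get(path):
        req = urllib.request.Request(base_url.rstrip("/") + path, headers=headers)
        with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
            return json.load(resp)

    return get


def sync(get):
    """Read-only sync: scans -> hosts -> vulnerabilities -> plugin output.

    Assets are keyed by FQDN when present, else IP; severity-0 findings are dropped."""
    assets, risks = {}, []
    for scan in get("/scans").get("scans") or []:
        scan_id = scan["id"]
        for host in get(f"/scans/{scan_id}").get("hosts", []):
            host_id = host["host_id"]
            detail = get(f"/scans/{scan_id}/hosts/{host_id}")
            info = detail.get("info", {})
            ip, fqdn = info.get("host-ip"), info.get("host-fqdn")
            asset_name = fqdn or ip
            assets.setdefault(asset_name, {"name": asset_name, "ip": ip, "fqdn": fqdn})
            for vuln in detail.get("vulnerabilities", []):
                severity = int(vuln.get("severity", 0))
                if severity <= 0:
                    continue  # informational findings are excluded
                plugin = get(f"/scans/{scan_id}/hosts/{host_id}/plugins/{vuln['plugin_id']}")
                attrs = plugin.get("info", {}).get("plugindescription", {}).get("pluginattributes", {})
                outputs = plugin.get("outputs", [])
                risks.append({
                    "asset": asset_name,
                    "scan": scan.get("name"),
                    "name": vuln.get("plugin_name"),
                    "plugin_id": vuln["plugin_id"],
                    "severity": severity,
                    "triage": SEVERITY_LABELS.get(severity, "Unknown"),
                    "comment": attrs.get("description", ""),
                    "proof": "\n".join(o.get("plugin_output", "") for o in outputs),
                    "ports": sorted(p for o in outputs for p in o.get("ports", {})),
                })
    return list(assets.values()), risks


# Constructed responses standing in for a Nessus instance (IDs are not real).
FAKE_RESPONSES = {
    "/scans": {"scans": [{"id": 7, "name": "weekly-external", "status": "completed"}]},
    "/scans/7": {"hosts": [{"host_id": 2, "hostname": "10.0.0.5"},
                           {"host_id": 3, "hostname": "10.0.0.6"}]},
    "/scans/7/hosts/2": {
        "info": {"host-ip": "10.0.0.5", "host-fqdn": "web01.example.test"},
        "vulnerabilities": [
            {"plugin_id": 10001, "plugin_name": "Example TLS weakness", "severity": 3},
            {"plugin_id": 10002, "plugin_name": "Example informational plugin", "severity": 0},
        ]},
    "/scans/7/hosts/3": {
        "info": {"host-ip": "10.0.0.6"},
        "vulnerabilities": [
            {"plugin_id": 10003, "plugin_name": "Example SSH configuration issue", "severity": 1},
        ]},
    "/scans/7/hosts/2/plugins/10001": {
        "info": {"plugindescription": {"pluginattributes": {"description": "Constructed TLS description."}}},
        "outputs": [{"plugin_output": "Constructed output for 443/tcp.",
                     "ports": {"443 / tcp / www": [{"hostname": "10.0.0.5"}]}}]},
    "/scans/7/hosts/3/plugins/10003": {
        "info": {"plugindescription": {"pluginattributes": {"description": "Constructed SSH description."}}},
        "outputs": [{"plugin_output": "Constructed output for 22/tcp.",
                     "ports": {"22 / tcp / ssh": [{"hostname": "10.0.0.6"}]}}]},
}


def fake_get(path):
    """Offline stand-in for make_http_get(...); unknown paths behave like a 404."""
    if path not in FAKE_RESPONSES:
        raise LookupError(f"404 Not Found: {path}")
    return FAKE_RESPONSES[path]


if __name__ == "__main__":
    assets, risks = sync(fake_get)
    print(f"{len(assets)} assets, {len(risks)} risks")
    for r in risks:
        print(f"{r['asset']:20} {r['triage']:8} {r['name']} ports={r['ports']}")
```

To exercise it against a real instance, swap `fake_get` for `make_http_get("https://nessus.example.test:8834", access_key, secret_key, ca_file="nessus-ca.pem")` (hostname and file name are placeholders). Because every call is a GET, the walk is read-only in the same sense the page describes, and because the transport is injected, the same `sync` logic can be run against recorded responses when you are debugging a "partial data imported" case.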

Troubleshooting

| Issue | Cause | Fix |
| --- | --- | --- |
| Connection refused or timeout | Nessus instance is not reachable from PGP | Verify the URL is correct and that network/firewall rules allow connectivity on the configured port (default 8834) |
| 401 Unauthorized | Invalid or expired API keys | Regenerate API keys in Nessus and update the integration configuration in PGP |
| SSL/TLS certificate error | Self-signed or untrusted certificate on Nessus instance | The integration supports self-signed certificates. Verify the URL uses the correct protocol (https) |
| No assets or risks imported | No completed scans with results in Nessus | Run at least one scan in Nessus and wait for it to complete before syncing |
| Missing vulnerabilities | Only informational-severity findings exist | The integration excludes severity-0 (informational) findings. Verify that scans have detected vulnerabilities with severity 1 or higher |
| Partial data imported | Network interruption during sync | Re-run the integration; it will resume fetching data from all scans |

Security and Data Handling

  • Read-only access — The integration only reads scan results and host data from Nessus. It does not create, modify, or delete scans, policies, plugins, or any other Nessus configuration.

  • Credential storage — API access keys and secret keys are stored encrypted within PGP and are never exposed in logs or the user interface after initial configuration.

  • TLS support — The integration supports connections to Nessus instances using self-signed TLS certificates, which is common in enterprise deployments.

  • Data transfer — All communication between PGP and your Nessus instance occurs over HTTPS.

If you find a topic that you would like discussed in detail, or need further assistance, please let us know at support@praetorian.com!