Nessus Professional

Overview

The Nessus Professional integration connects the Praetorian Guard Platform (PGP) with Tenable's Nessus Professional vulnerability scanner. This integration enables security teams to automatically import vulnerability scan results, host-level findings, and plugin details directly into PGP, providing a unified view of your vulnerability landscape alongside other security data.

By consolidating Nessus scan data within PGP, organizations gain the ability to correlate vulnerability findings with other attack surface data, prioritize remediation efforts across tools, and maintain a comprehensive inventory of discovered assets. The integration operates in a read-only capacity, retrieving scan results without modifying any configurations or data within your Nessus deployment.

Nessus Professional is an industry-leading vulnerability assessment tool used to identify vulnerabilities, misconfigurations, and compliance gaps across network infrastructure. This integration brings that detailed scan data into PGP to enhance your overall security posture management.

What the Integration Does

The Nessus Professional integration performs the following operations during each sync cycle:

  • Retrieves scan list — Queries the Nessus API for all available scans in the instance.

  • Enumerates hosts — For each scan, retrieves the list of scanned hosts and their host IDs.

  • Imports host data as assets — For each host, extracts the IP address and FQDN (if available) and creates an asset record in PGP. When a host has a fully qualified domain name, PGP uses the FQDN as the primary identifier; otherwise, the IP address is used.

  • Imports vulnerabilities as risks — For each host, retrieves all vulnerability findings with a severity greater than zero (informational findings are excluded). Each vulnerability is imported as a risk associated with the corresponding asset.

  • Retrieves plugin details — For each imported vulnerability, fetches the plugin document for that host and finding. The plugin description is attached to the risk as its comment, and the raw plugin output (the evidence for the finding) is attached as proof.

All operations are strictly read-only. PGP does not create, modify, or delete any scans, policies, or configurations in Nessus.

Prerequisites

Before configuring the Nessus Professional integration, ensure you have:

  • Nessus Professional installed, running, and reachable from PGP over the network on its API port (8834 by default)

  • API access keys generated from your Nessus instance

  • At least one completed scan with results available

Generating Nessus API Keys

  • Log in to your Nessus Professional web interface.

  • Click your user account name in the upper-right corner and select API Keys.

  • Click Generate to create a new API key pair.

  • Copy both the Access Key and Secret Key; they are not shown again. Generating a new pair replaces the existing pair for that user, so use a dedicated account rather than a shared administrator account, and update the PGP configuration whenever you rotate the keys.

Setup

To configure the Nessus Professional integration in PGP:

  • Navigate to the Integrations page in PGP.

  • Locate Nessus Professional and click Connect.

  • Enter the required credentials in the configuration form.

  • Click Save to activate the integration.

Configuration Fields

Field        Description                                                     Example
-----------  --------------------------------------------------------------  -------------------------------
URL          The base URL of your Nessus instance, including protocol and    https://nessus.example.com:8834
             port
Access Key   The API access key generated from your Nessus user settings     abcd1234-5678-efgh-...
Secret Key   The API secret key paired with the access key                   ijkl9012-3456-mnop-...

What Data Is Synced

Assets

PGP creates asset records for each host discovered in Nessus scans.

Nessus Field   PGP Field    Description
-------------  -----------  ---------------------------------------------------------------------
host-fqdn      Asset name   Fully qualified domain name of the scanned host (preferred)
host-ip        Asset IP     IP address of the scanned host (used as the asset name if no FQDN)

Risks

PGP creates risk records for each vulnerability finding with a severity level above zero.

Nessus Field    PGP Field      Description
--------------  -------------  ----------------------------------------------------------------------------
plugin_name     Risk name      The name of the Nessus plugin that detected the vulnerability
description     Risk comment   Detailed description of the vulnerability from the plugin attributes
plugin_output   Risk proof     Raw plugin output providing evidence and technical details of the finding
severity        Risk triage    Nessus severity level (findings with severity 0 are excluded)

Severity Mapping

Nessus findings are imported with the following severity filtering:

Nessus Severity   Description     Imported
----------------  --------------  --------
0                 Informational   No
1                 Low             Yes
2                 Medium          Yes
3                 High            Yes
4                 Critical        Yes
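The mapping described in "What the Integration Does" and in the asset, risk and severity tables above, as an added example (not PGP's own code): the FQDN-or-IP choice for the asset name, the severity-0 filter, and the description-to-comment / plugin_output-to-proof split. The field names host-ip, host-fqdn, plugin_name, description, plugin_output and severity are the ones this page lists; the surrounding document layout (info, vulnerabilities, outputs, plugindescription.pluginattributes) is assumed to follow the Nessus REST API, and the sample documents, plugin IDs and names are constructed for the example.

```python
"""Mapping of Nessus host and plugin documents to asset and risk records.

Added example, not PGP's own code. Document layout beyond the field names
this page lists is assumed from the Nessus REST API; sample data is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

SEVERITY_LABELS = {0: "informational", 1: "low", 2: "medium", 3: "high", 4: "critical"}


@dataclass(frozen=True)
class Asset:
    name: str  # FQDN when Nessus reports one, otherwise the IP address
    ip: str


@dataclass(frozen=True)
class Risk:
    asset: Asset
    name: str      # plugin_name
    severity: int  # Nessus severity 1..4
    triage: str    # severity label used for triage
    comment: str   # plugin description
    proof: str     # raw plugin_output


def host_to_asset(host_doc: dict) -> Asset:
    """Choose the asset identifier: FQDN preferred, IP address as the fallback."""
    info = host_doc["info"]
    ip = info["host-ip"]
    fqdn = (info.get("host-fqdn") or "").strip()
    return Asset(name=fqdn or ip, ip=ip)


def plugin_detail(plugin_doc: dict) -> tuple[str, str]:
    """Return (description, plugin output). A plugin can report several outputs
    (one per port), so they are joined into a single proof string."""
    attrs = plugin_doc["info"]["plugindescription"]["pluginattributes"]
    proof = "\n".join(o.get("plugin_output", "") for o in plugin_doc.get("outputs", []))
    return attrs.get("description", ""), proof


def host_to_risks(host_doc: dict, plugin_docs: dict[int, dict]) -> list[Risk]:
    """Turn one host document into risks, dropping severity-0 findings."""
    asset = host_to_asset(host_doc)
    risks: list[Risk] = []
    for vuln in host_doc.get("vulnerabilities", []):
        severity = int(vuln["severity"])
        if severity == 0:
            continue  # informational findings are not imported
        description, proof = plugin_detail(plugin_docs[vuln["plugin_id"]])
        risks.append(Risk(asset, vuln["plugin_name"], severity,
                          SEVERITY_LABELS[severity], description, proof))
    return risks


def collect(host_docs: list[dict], plugin_docs: dict[int, dict]) -> tuple[set[Asset], list[Risk]]:
    """Merge hosts from any number of scans; the same host seen in two scans
    yields one asset (frozen dataclasses hash by value)."""
    assets: set[Asset] = set()
    risks: list[Risk] = []
    for host_doc in host_docs:
        assets.add(host_to_asset(host_doc))
        risks.extend(host_to_risks(host_doc, plugin_docs))
    return assets, risks


# Constructed sample documents (plugin IDs and names are illustrative).
HOST_WITH_FQDN = {
    "info": {"host-ip": "10.0.0.5", "host-fqdn": "web01.corp.example"},
    "vulnerabilities": [
        {"plugin_id": 10107, "plugin_name": "HTTP Server Type and Version", "severity": 0},
        {"plugin_id": 57582, "plugin_name": "SSL Self-Signed Certificate", "severity": 2},
    ],
}
HOST_IP_ONLY = {
    "info": {"host-ip": "10.0.0.9", "host-fqdn": ""},
    "vulnerabilities": [
        {"plugin_id": 57582, "plugin_name": "SSL Self-Signed Certificate", "severity": 2},
    ],
}
PLUGIN_DOCS = {
    10107: {"info": {"plugindescription": {"pluginattributes": {
                "description": "Reports the web server banner."}}},
            "outputs": [{"plugin_output": "Server: nginx"}]},
    57582: {"info": {"plugindescription": {"pluginattributes": {
                "description": "The X.509 certificate chain for this service is self-signed."}}},
            "outputs": [{"plugin_output": "Subject : CN=web01\nIssuer  : CN=web01"}]},
}

if __name__ == "__main__":
    assets, risks = collect([HOST_WITH_FQDN, HOST_IP_ONLY, HOST_WITH_FQDN], PLUGIN_DOCS)
    for a in sorted(assets, key=lambda a: a.name):
        print("asset", a.name, a.ip)
    for r in risks:
        print("risk", r.asset.name, r.name, r.triage)
```

Running the block shows two assets (web01.corp.example and 10.0.0.9) and three risks even though the FQDN host appears in two scans: the asset is deduplicated by identifier, the risks are not, which is what you want when the same finding is re-observed by a later scan.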

API Endpoints Used

The integration uses the following Nessus REST API endpoints. Every request is a GET authenticated with the X-ApiKeys header, which carries both configured keys in a single value of the form X-ApiKeys: accessKey=<access key>; secretKey=<secret key>.

Method   Endpoint                                                Purpose
-------  ------------------------------------------------------  -----------------------------------------------------------
GET      /scans                                                  Retrieves the list of all scans
GET      /scans/{scan_id}                                        Retrieves scan details including host list
GET      /scans/{scan_id}/hosts/{host_id}                        Retrieves host details and vulnerability list
GET      /scans/{scan_id}/hosts/{host_id}/plugins/{plugin_id}    Retrieves plugin details and output for a specific finding
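The four-endpoint walk and the X-ApiKeys header, as an added example (not PGP's own code). The endpoint paths and header format are the ones this page documents; the response layouts ("scans" and "status" in the scan list, "hosts" and "host_id" in the scan document, "vulnerabilities", "plugin_id" and "severity" in the host document) are assumed to follow the Nessus REST API. Network access goes through a `get` callable so the same walk runs against constructed documents, which is how the sample at the bottom exercises the partial-import case from Troubleshooting: one scan fails, the others still import, and a re-run fetches everything again.

```python
"""Read-only walk of the Nessus endpoints the integration uses.

Added example, not PGP's own code. Endpoint paths and the X-ApiKeys header are
as documented on this page; response layouts are assumed from the Nessus REST
API and the sample documents are constructed.
"""
from __future__ import annotations

import json
import ssl
import urllib.request
from typing import Callable, Iterator

JsonGetter = Callable[[str], dict]
Finding = tuple[int, int, int, dict]  # (scan_id, host_id, plugin_id, plugin document)


def api_key_header(access_key: str, secret_key: str) -> dict[str, str]:
    """Both keys travel in one header: X-ApiKeys: accessKey=...; secretKey=..."""
    return {"X-ApiKeys": f"accessKey={access_key}; secretKey={secret_key}"}


def make_getter(base_url: str, access_key: str, secret_key: str,
                cafile: str | None = None, timeout: float = 30.0) -> JsonGetter:
    """GET-only JSON fetcher. A self-signed Nessus certificate is handled by
    trusting that exact certificate through cafile (its name must match the
    host in the URL), not by turning verification off."""
    ctx = ssl.create_default_context(cafile=cafile)
    headers = api_key_header(access_key, secret_key)
    base = base_url.rstrip("/")

    def get(path: str) -> dict:
        req = urllib.request.Request(base + path, headers=headers, method="GET")
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return json.load(resp)

    return get


def replay_getter(docs: dict[str, dict], calls: list[str]) -> JsonGetter:
    """Offline stand-in for make_getter: serves constructed documents and
    records every path requested; an unknown path behaves like a dead host."""
    def get(path: str) -> dict:
        calls.append(path)
        if path not in docs:
            raise OSError("connection refused")
        return docs[path]
    return get


def walk_scan(get: JsonGetter, scan_id: int) -> Iterator[Finding]:
    """/scans/{id} -> hosts -> /scans/{id}/hosts/{hid} -> plugins, severity > 0 only."""
    for host in get(f"/scans/{scan_id}").get("hosts", []):
        host_id = host["host_id"]
        host_doc = get(f"/scans/{scan_id}/hosts/{host_id}")
        for vuln in host_doc.get("vulnerabilities", []):
            if int(vuln["severity"]) == 0:
                continue  # informational: neither fetched nor imported
            plugin_id = vuln["plugin_id"]
            yield scan_id, host_id, plugin_id, get(
                f"/scans/{scan_id}/hosts/{host_id}/plugins/{plugin_id}")


def walk_findings(get: JsonGetter) -> tuple[list[Finding], list[tuple[int, str]]]:
    """Walk every completed scan. A failure inside one scan is recorded and the
    remaining scans still import; a later re-run fetches all scans again."""
    findings: list[Finding] = []
    failures: list[tuple[int, str]] = []
    for scan in get("/scans").get("scans") or []:
        if scan.get("status") != "completed":
            continue  # nothing to import until the scan finishes
        try:
            for finding in walk_scan(get, scan["id"]):
                findings.append(finding)
        except (OSError, KeyError, ValueError) as exc:  # URLError/HTTPError are OSErrors
            failures.append((scan["id"], str(exc)))
    return findings, failures


# Constructed documents: scan 7 completes normally, scan 8 is still running,
# scan 9 is listed but its detail request fails.
SAMPLE_DOCS = {
    "/scans": {"scans": [{"id": 7, "status": "completed"},
                         {"id": 8, "status": "running"},
                         {"id": 9, "status": "completed"}]},
    "/scans/7": {"hosts": [{"host_id": 2}]},
    "/scans/7/hosts/2": {"vulnerabilities": [{"plugin_id": 10107, "severity": 0},
                                            {"plugin_id": 57582, "severity": 2}]},
    "/scans/7/hosts/2/plugins/57582": {"outputs": [{"plugin_output": "Subject : CN=web01"}]},
}

if __name__ == "__main__":
    calls: list[str] = []
    found, failed = walk_findings(replay_getter(SAMPLE_DOCS, calls))
    print("requested:", calls)
    print("findings:", [f[:3] for f in found])
    print("failed scans:", failed)
```

Against a live instance, replace the replay getter with `make_getter("https://nessus.example.com:8834", access_key, secret_key, cafile="nessus.pem")`, where nessus.pem is the instance's own certificate exported from the Nessus UI; this keeps certificate verification on while still accepting a self-signed deployment. Only the plugin documents for severity 1 or higher are fetched, which also keeps the number of API calls proportional to the findings you will actually import.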

Troubleshooting

  • Connection refused or timeout
    Cause: the Nessus instance is not reachable from PGP.
    Fix: verify the URL is correct and that network/firewall rules allow connectivity on the configured port (default 8834).

  • 401 Unauthorized
    Cause: invalid or expired API keys, or a key pair that was replaced when a new one was generated for the same user.
    Fix: regenerate API keys in Nessus and update the integration configuration in PGP.

  • SSL/TLS certificate error
    Cause: self-signed or untrusted certificate on the Nessus instance.
    Fix: the integration supports self-signed certificates; verify the URL uses the correct protocol (https).

  • No assets or risks imported
    Cause: no completed scans with results in Nessus.
    Fix: run at least one scan in Nessus and wait for it to complete before syncing.

  • Missing vulnerabilities
    Cause: only informational-severity findings exist.
    Fix: the integration excludes severity-0 (informational) findings. Verify that scans have detected vulnerabilities with severity 1 or higher.

  • Partial data imported
    Cause: network interruption during sync.
    Fix: re-run the integration; each sync fetches every scan again, so records missed by the interrupted run are imported on the next successful one.

Security and Data Handling

  • Read-only access — The integration only reads scan results and host data from Nessus. It does not create, modify, or delete scans, policies, plugins, or any other Nessus configuration.

  • Credential storage — API access keys and secret keys are stored encrypted within PGP and are never exposed in logs or the user interface after initial configuration.

  • TLS support — The integration supports connections to Nessus instances using self-signed TLS certificates, which is common in enterprise deployments. A self-signed certificate cannot be checked against a trust chain, so where possible install a certificate issued by your internal CA on the Nessus instance.

  • Data transfer — All communication between PGP and your Nessus instance occurs over HTTPS.