Tenable Nessus Integration

Overview

Tenable Nessus provides vulnerability scanning and assessment for networks and applications. KYRA MDR collects Nessus scan results via the API for vulnerability management and compliance monitoring.

Prerequisites

• A KYRA MDR Collector installed and running
• Tenable Nessus Professional or Tenable.io account
• API access keys (Access Key and Secret Key)
• Completed vulnerability scans

Configuration

Configure Nessus API integration:

For Tenable.io:

1. Navigate to Settings > My Account > API Keys
2. Generate API keys
3. Configure the KYRA MDR collector:

collector-config.yaml

sources:
  - type: nessus
    api_url: https://cloud.tenable.com
    access_key: <access-key>
    secret_key: <secret-key>
    poll_interval: 3600s

For Nessus Professional:

sources:
  - type: nessus
    api_url: https://<nessus-ip>:8834
    access_key: <access-key>
    secret_key: <secret-key>
    poll_interval: 3600s
    verify_ssl: false

Collected Log Types

Log Type	Description	Security Use
Vulnerability	Individual vulnerability findings	Risk assessment
Compliance	Compliance check results	Regulatory compliance
Remediation	Remediation recommendations	Patch prioritization
Plugin Output	Detailed scan output	Investigation context
Host Summary	Per-host vulnerability counts	Asset risk scoring
Scan History	Scan execution history	Coverage tracking

Troubleshooting

No scan data: Verify API keys are valid and have sufficient permissions.

Stale data: Scan data is only updated when scans complete. Match the poll interval to your scan schedule.

SSL errors: For on-premises Nessus, set verify_ssl: false if using a self-signed certificate.

Contact kyra@seekerslab.com for support.