Nessus Agent Deployment Guide
Human Concern International
For IT, security, or MSP teams at Human Concern International.
1. Overview
This document outlines the installation and deployment process for Tenable Nessus Agents across Human Concern International endpoints and servers.
Nessus Agents allow centralized vulnerability scanning via Tenable Cloud (cloud.tenable.com) without requiring direct inbound network access.
2. Official Resources
Whitepaper:
https://www.tenable.com/whitepapers/nessus-agentsDownload Page:
https://www.tenable.com/downloads/nessus-agentsInstallation Guide:
https://docs.tenable.com/nessus/Content/InstallNessusAgent.htmLarge-Scale Deployment Guide:
https://docs.tenable.com/other/nessusagent/Nesuss_Agent_Large_Scale_Deployment_Guide.pdfSupported Operating Systems:
https://docs.tenable.com/nessusagent/Content/RequirementsSoftware.htmSystem Utilization:
https://docs.tenable.com/nessusagent/Content/HostSystemUtilization.htm
3. Organization-Specific Configuration
Linking Key
507687e76403fe31045a0ae813c1bd2a4deaeaea656ac6e85a625ee7327d40e2
Server (Tenable Cloud)
cloud.tenable.com:443
On Linux installations, you may alternatively use the
--cloudflag.
Groups
Agents must be assigned to one of the following:
Workstation
Server
4. Deployment Methods
Option A: Manual Installation (Small Deployments)
Download the appropriate agent for the OS.
Install using the standard installer.
Link the agent using the provided server and linking key.
Confirm agent appears in Tenable Cloud.
Option B: Automated Windows Deployment (GPO / SCCM / RMM)
Use the following installation string for silent deployment:
msiexec /i NessusAgent-<version>-x64.msi NESSUS_SERVER="cloud.tenable.com:443" NESSUS_GROUPS="Workstation" NESSUS_KEY=507687e76403fe31045a0ae813c1bd2a4deaeaea656ac6e85a625ee7327d40e2 /qn
For servers:
msiexec /i NessusAgent-<version>-x64.msi NESSUS_SERVER="cloud.tenable.com:443" NESSUS_GROUPS="Server" NESSUS_KEY=507687e76403fe31045a0ae813c1bd2a4deaeaea656ac6e85a625ee7327d40e2 /qn
Notes:
Replace
<version>with the actual downloaded file version./qnensures a silent installation.Ensure outbound access to
cloud.tenable.com:443is allowed.
Option C: Linux Deployment
After installing the agent package:
sudo /opt/nessus_agent/sbin/nessuscli agent link \--key=507687e76403fe31045a0ae813c1bd2a4deaeaea656ac6e85a625ee7327d40e2 \--cloud \--groups=Workstation
For servers, replace:
--groups=Server
5. Firewall Requirements
Ensure outbound HTTPS access:
Destination:
cloud.tenable.comPort:
443Protocol: HTTPS
No inbound firewall rules are required.
6. Verification Checklist
After deployment:
Agent service is running
Device appears in Tenable Cloud console
Correct group assignment (Workstation/Server)
Last check-in timestamp updates
No linking errors in agent logs
7. Large-Scale Deployment Considerations
For environments over 100+ endpoints:
Stagger deployments to avoid bandwidth spikes
Use GPO, Intune, SCCM, or RMM tools
Validate on pilot group before organization-wide rollout
Monitor system utilization (CPU/RAM impact)
Document rollback procedure
8. Best Practices
Separate workstation and server groups
Exclude domain controllers from aggressive scan windows
Monitor agent health weekly
Rotate linking key if compromised
Keep agent version updated quarterly