Nessus Features

For vulnerability, configuration and compliance assessment

Scanning Capabilities


  • Accurate, high-speed asset discovery
  • Un-credentialed vulnerability discovery
  • Credentialed scanning for system misconfigurations & missing patches

Broad Asset Coverage and Profiling

  • Network devices: Firewalls/Routers/Switches (Juniper, Check Point, Cisco, Palo Alto Networks), printers, storage
  • Offline configuration auditing of network devices
  • Virtualization: VMware ESX, ESXi, vSphere, vCenter
  • Operating Systems: Windows, Mac, Linux, Solaris, BSD, Cisco IOS, IBM iSeries
  • Databases: Oracle, SQL Server, MySQL, DB2, Informix/DRDA, PostgreSQL
  • Web applications: Web servers, web services, OWASP vulnerabilities
  • Cloud: Deployed as AWS AMI

Control Systems Auditing

SCADA systems, embedded devices and ICS applications

Sensitive Content Auditing

PII (e.g. credit card numbers, SSNs)

Automatic Scan Analysis

Remediation action priority and scan tuning recommendations.

Selective Host Re-Scanning

After a scan, re-scan all or a subsection of previously scanned hosts.

Threats: Botnet/Malicious Process/Anti-virus Auditing

Detect viruses, malware, backdoors, hosts communicating with botnet-infected systems, known/unknown processes, and web services linking to malicious content.

Compliance Auditing

  • CyberScope
  • GLBA
  • NERC
  • PCI
  • SCAP
  • SOX

Configuration Auditing

  • CERT
  • CIS
  • FDCC
  • ISO
  • NIST
  • NSA

Additional Scanning Capabilities

Available in Nessus Manager and Nessus Cloud

Patch Auditing

Integrates with patch management solutions (IBM, Microsoft, Red Hat®, and Dell)

Mobile Device Auditing

Lists iOS, Android, and Windows Phone 7 devices accessing the network and detects mobile vulnerabilities. Integrates with major MDMs (MSFT, Apple, Good, MobileIron, AirWatch).

Deployment and Management

Flexible Deployment

Software, hardware and virtual appliances, cloud service providers or as a Tenable service. Can be attached to Nessus Manager for resource sharing.

Configure via Nessus UI

Easily create policies using a variety of wizards and schedule scans to run once or on a recurring basis.

Risk Assessment

Risk rankings based on CVE scoring with five severity levels: Critical, High, Medium, Low, Info

Agent-less or Agent-based scanning

Multiple scanning modes allow organizations to increase their scan coverage. Agents are available with Nessus Manager and Nessus Cloud.

Nessus RESTful API

Standard, supported and documented API for integrating Nessus into your vulnerability management workflow.

Credential Management

Obtain credentials from CyberArk for use in a Nessus scan, saving you time in both adding and updating credentials in Nessus.

Requires Nessus Cloud or Nessus Manager.

Reporting and Monitoring

Flexible Reporting

Customize reports to sort by vulnerability or host, create an executive summary, or compare scan results to highlight changes. Formats: Native (XML), PDF (requires Oracle Java to be installed on the Nessus server), CSV, and HTML.

Targeted Email Notifications

Targeted email notifications of scan results, remediation recommendations and scan configuration improvements


Dashboards display a variety of Nessus scan results to help users identify things like patching of critical systems and reliability of scan results.

Dashboards require Nessus Cloud or Nessus Manager.

Results / Report Sharing

Automatic post-scan analysis with attachments/screenshots stored in scan reports. (Report sharing requires Nessus Manager)
