Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Nessus 4.4.0 Released!

Tenable is excited to announce a new release of the Nessus vulnerability scanner! This is a major release (moving from 4.2.2 to 4.4.0) and includes several new features and enhancements, including the addition of scan scheduling and enhanced reporting. The GUI and web server have both been updated and will be released through the plugin feed. The enhancements included in the plugin feed will be backward compatible with Nessus 4.2, and some of the new features will be available in Nessus 4.2 via the plugin feed update. However all users are strongly encouraged to upgrade to the latest version to take advantage of all the new features.

The list below outlines the changes included in the 4.4.0 release, including sample reports, scheduling examples and more:

User interface

  • A brand new reporting engine produces improved reports. Two new HTML reports have been added: a detailed plugin report (results displayed by plugin / vulnerability) and an "Executive Summary" report that summarizes the top 10 most vulnerable hosts on the network.
Executive summary report
Click for larger image
An example of the "Executive Summary" report


Detailed HTML export

Click for larger image

An example of the “Detailed HTML export (by plugins)” report

  • Scan scheduling has been added for Nessus ProfessionalFeed users. It is now possible to schedule Nessus scans on a one-time, daily, weekly, monthly or yearly basis.
  • NessusSched1.png
    When creating a new scan, you can choose a type of "Scheduled", and then click "edit" to set the scanning frequency.

    NessusShed2.png
    A sample weekly scan schedule.

  • The XSLT transformations now take place on the server, instead of the user's web browser, for a unified and smoother user-experience.

  • The user interface now allows you to select multiple scans, policies or reports and delete them in bulk.

  • The web server is running and listening as soon as the "nessusd" process starts and no longer waits until it has finished processing the plugins.

  • When a scanner is managed by SecurityCenter, the web interface is now enabled and updated automatically.


  • NessusAbout.png

    The new "About Nessus" page, including the Feed type and expiration timer.

  • By clicking on "About" in the Flash interface, it's now possible to see how many days remain on your ProfessionalFeed subscription (for online updates).

Nessus Scanning Server Enhancements

  • Nessus can now reload its configuration file, plugins and web server while scans are in progress.
  • Per-scan memory requirements have been reduced by more than 50%. The average amount of memory needed per host is now approximately 1.3 MB (versus approximately 2.8 MB previously). This means that given the same amount of memory (and bandwidth permitting), you can double the "max_hosts" setting in your scan policy.
  • It is now possible to tune Nessus to use less memory when idle (at the price of a moderate performance impact).
  • It is possible to safely cipher all the policies (and the credentials they contain) by using the command "nessusd -K" to set a master key. Once a key is set, the server will prompt the user (via the web interface) at startup for the password.
  • NessusLocked.png
    A Nessus installation that has been locked using the new "nessusd -K" feature.

  • The web server uses gzip on its XMLRPC answers if the web client supports it.

  • The web server can make use of a SSL certificate chain.

  • Improved performance on Windows.

New (Often Requested) Platforms

  • Fedora 14 build
  • Ubuntu 10.10 build
  • FreeBSD 8 build
  • Oracle Linux is officially supported (via the RHEL ES5 packages)

Others

  • "nasl -M" now runs the scripts and their dependencies in command-line mode
  • "nessuscmd --fast" speeds up network discovery.

Bug Fixes

  • Fixed a few bugs when using the command "nessus -qSP".
  • Compliance results are now always listed in the order that the checks ran.
  • Packet forgery would not always work or use the correct route on Windows systems.
  • Plugin details did not change when selecting an open port.
  • When the client reloads the list of scans, it does not scroll the scan, policy or results window back to the top.

New customers can download and evaluate Nessus for free by visiting the Nessus homepage. Current customers can download the new version from the Tenable Support Portal. Detailed instructions and notes on upgrading are located in the Nessus 4.4 Installation Guide. Please contact Tenable Support (support -at- tenable.com) with any questions regarding the upgrade to Nessus 4.4.0. You can also visit the Nessus Discussion portal for more information.


Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.