It is possible to automate the entire process of downloading the Nessus Agent, installing it on the Windows machine and linking it to your account by using a PowerShell script.
This script guides you through the Tenable agent installation process. It is currently in its first revision so would benefit from some feedback - if you have any questions or wish to give feedback, please email [email protected].
If you need additional information on how to install the agent, please visit: https://gitlab.com/intruder/tenable-agent-installer
Once downloaded, you will need to follow one of the chosen sets of instructions below:
… if you wish to provide the KEY and PREFIX interactively
Double click on the
install-agent.ps1
file.You will be prompted for your Nessus Key and Intruder Customer Prefix.
You will then be prompted to confirm that you accept the Tenable EULA.
…if you wish to provide the UUID in the PowerShell execution command
You can also run the following command (with your Prefix as the "
CUSTOMER_UUID
"), which will find the latest 32 or 64-bit version of the Nessus installer and install it for you then link the agent to your portal
.\install-agent.ps1 -AcceptEULA -NessusKey "819652a91d674e8d5be08e21299f1a3c69bd9806c72e24bc05df6b32b8db7fe1" -CustomerUUID "YOUR PREFIX"
The
-AcceptEULA
flag is a confirmation that you have read and agree to Tenable's EULA.
Note: You need to replace NESSUS_KEY and CUSTOMER_UUID with your own values, these can be found from heading to Targets page > Add Target + > Internal Targets > Mass Deployment.
…if you already have the agent stored on a network drive
If you are completing mass deployment across your internal network, you could download the latest version of the appropriate MSI file from Tenable, store it somewhere on your internal network (e.g. "\\FILESERVER\software\NessusAgent-10.1.3-x64.msi"
which replaces {PATH_TO_INSTALLER}
in the command below) and run the following command:
.\install-agent.ps1 -AcceptEULA -MsiPath {PATH_TO_INSTALLER} -NessusKey "NESSUS_KEY" -CustomerUUID "CUSTOMER_UUID"
In all of the above instances, you will need to replace the NESSUS_KEY and CUSTOMER_UUID with your own values again, then replace the path to your downloaded MSI file. This is the best option for deploying using something like InTune.
Every target will use the currently configured DNS name for the system on which the script is run.
Currently the NESSUS_KEY
and CUST_UUID
are mandatory parameters. But, it is also worth highlighting that $NESSUS_KEY
and $CUST_UUID
values are hardcoded in the script which you could update themselves - for example if you are an MSP, you could specify a client at the end of the CUST_UUID e.g. [YourPrefix]_[ClientName]_[DeviceName]