🚨 IMPORTANT 🚨
Please note, when selecting the DeviceName this must be unique to avoid issues when scanning.
Please note, every organisation has a different environment, different device/software management processes and very different requirements so we can only provide a generic guide – we cannot account for every eventuality, but we hope this helps.
Get your agent information
Go to your Intruder account > Targets > Add Target > Internal Targets, and then populate the fields with the required information (please note, since you will be deploying multiple agents, the device name can be any value):
You will be presented with the following screen:
Installation instructions modal
Make sure you download the Nessus Agent to a clean folder on your computer (in this case and for the remainder of this guide we will refer to the agent MSI file as
NessusAgent-10.1.1-Win32.msiplease note that the
10.1.1part may change as new versions are released).
Take a copy of the command and keep it handy so you can extract the information you need to deploy to multiple agents.
In our example the command we will refer to is:
msiexec /i "NessusAgent-10.1.1-Win32.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef NESSUS_NAME=01234567-89ab-cdef-0123-456789abcdef_MYDEVICE /qn
Prepare your .intunewin package
Download the Microsoft Intune Win32 App Packaging Tool Microsoft via Github:
Create a folder and download your NessusAgent MSI file (
NessusAgent-10.1.1-Win32.msifrom the previous stage) in to that folder; if it's already in it's own folder don't worry about this step.
Create an installation file (named
Install.cmd) in the same folder as your
NessusAgent-10.1.1-Win32.msifile, and add the following installation command on a single line:
msiexec /i "NessusAgent-10.1.1-Win32.msi" NESSUS_SERVER="cloud.tenable.com:443" NESSUS_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef NESSUS_NAME=01234567-89ab-cdef-0123-456789abcdef_%ComputerName% /qn
Now, make sure that you:
NessusAgent-10.1.1-Win32.msiwith the exact name of the MSI you downloaded previously
NESSUS_KEYvalue with the one in the command you copied from the portal in the previous stage
NESSUS_NAMEvalue with the one in the command you copied from the portal in the previous stage, but add
_%ComputerName%to the end of the
%ComputerName%is a placeholder that will be automatically replaced with the name of computer at installation time).
Install.cmdfile and close
Open a Command Prompt
cmd.exeas Administrator (right-click on Command Prompt and "Run as Administrator")
IntuneWinAppUtil.exefrom the Intune Win32 App Packaging Tool that you downloaded previously.
Follow the steps to create the
.intunewinpackage that can be used to deploy to multiple systems:
Please specify the source folder:This should be the folder where your
Install.cmdfiles are located
Please specify the setup file:This should be the
Please specify the output folder:This should be the location you want to save the
.intunewinpackage, such as
Deploy your .intunewin package
In Intune you will need to add a Windows app (Win32)
When creating the app select
App package fileand upload your
Add your App Information if needed:
Programand change the
Install commandsetting to
Make sure the
Uninstall commandsetting is sensible
Make sure your App requirements are appropriate
Make sure the
Detection rulescontains a manually configured detection rule:
Rule type:this should be set to
MSI product code:this should be pre-populated
Make sure the
Return codesare appropriate, they should be pre-populated
Add your app
You should now be able to deploy your app to a test system and validate that the agent calls back to your Intruder portal account.
If you come unstuck, it might be worth reviewing the other help article found here.