Bumblebee

Tenable Nessus (on-prem)

Overview

Nessus is Tenable's self-hosted vulnerability scanner (Nessus Professional / Manager). Unlike the cloud Tenable Vulnerability Management integration — which talks to the shared cloud.tenable.com platform — this integration connects directly to your own Nessus install over its REST API on https://<host>:8834.

The Bumblebee integration is read + report-export only. It exposes one thin HTTP tool per Nessus resource type (server, scans, export, plugins, policies); the agent picks the endpoint and parameters based on the request. Bumblebee can read scans, per-host findings, templates, and plugins and export reports, but cannot create, launch, or edit scans. This integration is currently a research preview.

Prerequisites & Setup

Before setting up the Nessus integration, you need:

  • A reachable Nessus Professional or Manager install (Nessus Essentials does not expose API keys)
  • Network access from Bumblebee to the scanner on port 8834
  • An admin (or service) user on the scanner to generate API keys

Generate API Keys

  1. Open your Nessus console and note the base URL — https://<host>:8834
  2. Click your user avatar (top-right) and choose My Account
  3. Open the API Keys tab
  4. Click Generate to create an access key / secret key pair
  5. Copy both values immediately — Nessus shows them only once and they cannot be retrieved later

Generating new keys invalidates the user's previous keys, so prefer a dedicated service account if the user already has keys in use elsewhere.

Configure in Bumblebee

  1. Go to the Integrations page in Bumblebee
  2. Select Tenable Nessus (on-prem)
  3. Enter your Nessus URL (e.g. https://your-host:8834)
  4. Paste the Access Key and Secret Key
  5. Save the configuration
  6. Run a test request (e.g. server status) from the validation card

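Nessus ships with a self-signed TLS certificate; Bumblebee does not verify the certificate by default, so no extra configuration is required for a standard self-hosted setup. Without verification, TLS still encrypts the connection but does not authenticate the scanner, so the API keys are only as well protected as the network path between Bumblebee and the scanner.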

Authentication

Nessus authenticates with an X-ApiKeys header carrying the access/secret key pair. Bumblebee stores the scanner URL alongside the keys (the base URL is per-customer because Nessus is self-hosted).

Available Tools

Each tool is a thin HTTP passthrough scoped to one Nessus resource type. The agent supplies an HTTP method, path, optional query parameters, and optional body.

| Tool | Resource | Example endpoints |
| --- | --- | --- |
| tenable_nessus_server_request | Server / session | /server/status, /server/properties, /session, /folders, /scanners |
| tenable_nessus_scans_request | Scans & findings | /scans, /scans/{id}, /scans/{id}/hosts/{host}, /editor/scan/templates |
| tenable_nessus_export_request | Report export | POST /scans/{id}/export → status → download |
| tenable_nessus_plugins_request | Plugin database | /plugins/families, /plugins/plugin/{id} |
| tenable_nessus_policies_request | Policies | /policies, /editor/policy/templates |
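
The scoping described above (one tool per resource type, read plus report export only) can be written as a method-and-path allow-list that a passthrough checks before forwarding a request. This is an added example, not Bumblebee's own code: the rule layout, the names `match_scope` and `is_allowed`, the treatment of every placeholder as a numeric id, and the expanded export status and download paths are assumptions.

```python
import re

# Scope table assembled from the endpoints listed on this page. How Bumblebee
# enforces scope internally is not documented here; this layout is an assumption.
SCOPES = {
    "tenable_nessus_server_request": [
        ("GET", "/server/status"), ("GET", "/server/properties"),
        ("GET", "/session"), ("GET", "/folders"), ("GET", "/scanners"),
    ],
    "tenable_nessus_scans_request": [
        ("GET", "/scans"), ("GET", "/scans/{id}"),
        ("GET", "/scans/{id}/hosts/{host}"), ("GET", "/editor/scan/templates"),
    ],
    "tenable_nessus_export_request": [
        ("POST", "/scans/{id}/export"),
        ("GET", "/scans/{id}/export/{file}/status"),
        ("GET", "/scans/{id}/export/{file}/download"),
    ],
    "tenable_nessus_plugins_request": [
        ("GET", "/plugins/families"), ("GET", "/plugins/plugin/{id}"),
    ],
    "tenable_nessus_policies_request": [
        ("GET", "/policies"), ("GET", "/editor/policy/templates"),
    ],
}


def _compile(template):
    # Literal segments must match exactly; every {placeholder} is assumed to
    # be a numeric id, so dot segments and encoded characters never match.
    parts = [r"[0-9]+" if seg.startswith("{") else re.escape(seg)
             for seg in template.strip("/").split("/")]
    return re.compile("/" + "/".join(parts))


RULES = {tool: [(method, tmpl, _compile(tmpl)) for method, tmpl in rules]
         for tool, rules in SCOPES.items()}


def match_scope(tool, method, path):
    """Return the matching endpoint template, or None if out of scope."""
    for allowed_method, tmpl, regex in RULES.get(tool, []):
        # fullmatch rejects trailing junk such as query strings or newlines.
        if method == allowed_method and regex.fullmatch(path):
            return tmpl
    return None


def is_allowed(tool, method, path):
    return match_scope(tool, method, path) is not None
```

Logging the template returned by `match_scope` alongside each forwarded request gives an audit trail keyed on endpoint rather than on raw paths.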

Notes & Limits

  • Report export requires a paid license. On a trial/eval license every export format returns a "not allowed in trial mode" error.
  • /agents and /agent-groups are Manager / Tenable.io only and are not available on Nessus Professional.
  • Severity is an integer: 0 Info, 1 Low, 2 Medium, 3 High, 4 Critical.