All integrations
NetworkDASTCompliance

Nessus Professional integration

Centraleyezer ingests Tenable Nessus results two ways: upload the scanner’s native .nessus XML export, or connect directly to the Nessus REST API so every completed scan is pulled in automatically on the import schedule. Dedicated mapping templates exist for standard network scans, compliance audits, and web application scans.

Scan types imported

  • Network & host vulnerability scans
  • Authenticated local checks
  • Compliance audits (CIS / DISA STIG)
  • Web application scan results

File import

XML (.nessus)

Export any scan from Nessus as a .nessus file (Export → Nessus) and upload it against the Nessus source. Three mapping templates ship out of the box: Nessus (network vulnerabilities), Nessus Compliance (CIS/DISA audit checks, including pass/fail handling), and Nessus Web (web application findings).

What Centraleyezer expects in the file

  • Standard Nessus v2 XML: one ReportHost per asset, one ReportItem per finding.
  • Per finding: plugin name, description, solution, port, protocol, CVE list, CVSSv3 base score and vector, plugin output, and the Nessus severity (0–4), which drives risk scoring.
  • Compliance exports map compliance-check-name, compliance-solution and the actual value returned; passed checks are handled via the result field.
  • Assets are matched by the ReportHost name/IP against your project assets.

API connection

Connect Centraleyezer to the Nessus scanner’s REST API. After saving the connection, click Test to list the scans visible to your account and pick the one to import (the Remote Identifier). Centraleyezer can also drive Nessus as a managed scanner: it creates and launches a scan named after your project with a policy you choose, then imports the results when the scan completes.

Configuration

Hostname
Nessus host and port in hostname:port form — e.g. nessus.corp.local:8834 (8834 is the Nessus default).
Username / Password
A Nessus user account. Centraleyezer authenticates against POST /session the same way the Nessus web UI does.
Start Date
Only scans modified on or after this date are offered/imported.
Remote Identifier
The Nessus scan to import — populated by the Test button from the scanner’s scan list (trash folder excluded).
Proxy (optional)
HTTP proxy host:port plus optional proxy credentials if the scanner is reached through a proxy.

Where to get the credentials

Use a dedicated Nessus local user (Settings → Users in the Nessus UI). No API keys are needed — Centraleyezer performs the same session login as the browser and resolves the required API token automatically.

What gets imported on every run

  • Every host and finding of the selected scan: plugin name, description, solution, severity, CVE, CVSSv3 score/vector, port, protocol and plugin output.
  • Installed-software inventory from the Common Platform Enumeration (CPE) plugin, linked to each asset.
  • TLS/SSL certificate inventory from the SSL-related plugins (certificate expiry, weak configurations).
  • Re-imports are idempotent — a scan history that was already ingested is skipped automatically.

How imported findings are risk-scored

Every Nessus Professional finding is normalised into Centraleyezer’s risk model on import: the scanner’s native severity scale maps to a configurable DREAD vector (Damage, Reproducibility, Exploitability, Affected users, Discoverability), which combines with asset criticality, network exposure, exploitability intelligence and the platform’s other risk factors to produce one comparable risk score across every scanner you run. CVE, CVSS and CWE metadata are preserved on the finding for reference and reporting, and duplicate findings from repeated imports are automatically correlated instead of creating noise.

See the Nessus Professional integration live

Book a demo and we’ll connect your Nessus Professional data and walk through risk-based prioritisation on your own findings.

Nessus Professional Integration — Setup & Imported Scan Types