5 Replies Latest reply: Oct 12, 2017 7:48 AM by nsanders RSS

Agent Group limitations

spur Novice

I've been asking my SE and support what I believe to be basic questions related to the Nessus Manager and the Nessus Agent. I've received some information that indicates that I should limit the number of agents in an Asset Group. The number I as given was 2000, however, I cannot find any supporting documentation on this. Can I get a group consistences on this subject? Is there a recommended limitation to the number of agents in a single Agent Group? If so, is it 2000? 

  • Re: Agent Group limitations
    nsanders Expert

    We currently have roughly 6,000 in one of our agent groups, using tenable.io. Aside from the lack of dynamic agent assignment (which we overcame with API scripts) it's been working fine.

    • Re: Agent Group limitations
      tomburm Novice

      I have similar troubles as the OP mentioned.  Can you share any of you APIs.  I would like to be able to add a list of agents to a agent group via the API.

       

      Thanks

      • Re: Agent Group limitations
        nsanders Expert

        We wrote an entire framework for automating security center and tenable.io. So there's no singular script I can share. We're hoping to opensource what we've done but have absolutely no ETA on that happening.

        • Re: Agent Group limitations
          tomburm Novice

          Nate, thanks for the quick reply.  I would be very interested in seeing this framework when you guys are ready to open source it.  Currently we are running about 20k agents and about 8k servers using SecurityCenter.  Im in the process of further developing our process however if you can share any success you have had i would love to hear.

          • Re: Agent Group limitations
            nsanders Expert

            Because there is no way to dynamically build agent groups in tenable.io (holy crap tenable, this is kind of a critical feature) we built an API script that reads from a yaml file that allows us to define dynamic characteristics of our assets such as subnets, hostnames (prefix/glob) as well as OS. This allows us to be able to build Agent Groups for Prod vs Corp or even Servers vs Workstations. Then we can schedule different scans based on these agent groups.

             

            We started with a single agent group of all workstations and just wrote an API script to auto add ALL agents to this single agent group. Now that we're adding in non-workstations we've moved to the new API script which allows dynamically building agent groups.

             

            I'm also curious how others are handling tens of thousands of agents with no way to dynamically build groups in tenable.io's UI