What information do I need to provide for my issue?

Below are some examples of the most common cases we receive, and also what information can be provided as a starting point for us to troubleshoot further. If the subject of your case isn't included below, the following should still be helpful in determining what information will be helpful for us to investigate your issue.

Scan Query

• Potential false positive/negative
  • Notes:
    • For remote plugin disputes, a packet capture taken during the scan will be beneficial in expediting the troubleshooting process.
      • At a minimum, filter the pcap on the target host, and the port the plugin is or is not being found on.
    • Any supporting evidence available, i.e. screenshots of configurations, terminal outputs indicating patch levels, vendor publications, or exported registry keys/values will be required to advance the analysis.
  • Each product has a requirement for processing:
    • Nessus
      • Nessus DB - This allows us to determine why the plugin flagged, or if not, what reason was provided in the audit trail.
      • Nessus Bug Report - This allows us to rule out any potential issues with the plugin itself (for a false negative).
    • Tenable.sc
      • Diagnostic Scan - This allows us to determine why the plugin flagged, or if not, what reason was provided in the audit trail.
      • Nessus Bug Report from the scanner used by Tenable.sc - This allows us to rule out any potential issues with the plugin itself (for a false negative). Scanner IP can be seen in the output of plugin ID 19506.
    • Tenable.io
      • Scan DB - This allows us to determine why the plugin flagged, or if not, what reason was provided in the audit trail. The .db file produced by Tenable.io will yield the hosts scanned within the same chunk, and not necessarily the entire target range.
      • Nessus Bug Report from the scanner used by Tenable.io. (Only applicable if it is a local scanner)
    • Web Application Scanning
      • Scan JSON - This provides us with all of the scan details that can be used to determine why the plugin flagged.
      • Plugin Attachments - Each plugin will have a number of attachments such as screenshots or 'HTTP Request/Response'. Download each of these for your relevant plugin and attach to the case.
      • Plugin 98000 Attachments - sitemap.csv, configuration.csv and plugins.csv
      • SOS Report from the Tenable Core + WAS scanner used by Tenable.io. (Only applicable if it is a local scanner)
    • Security Center + WAS
      • Navigate to Scans → Scan Results
      • Check the box beside the required scan result
      • Click Download
      • Provide the ZIP file to support
  • Additional Resources
    • Minimum Requirements for Submitting a Nessus False Positives/Negatives ticket with Tenable Support
    • Verify if plugin is reporting false positive for Windows target
    • Generating a packet capture with tcpdump
    • Create a PCAP using Wireshark
    • Generating a pcap with Windows built-in packet sniffer
• Authentication failure
  • Nessus:
    • Edit scan configuration. On the Advanced tab enable both debugging options.
    • Nessus DB - Potential for output in one of the Authentication Failure plugins which may pinpoint the issue.
    • Evidence that you are able to login to the target directly from the Nessus host.
  • Tenable.sc:
    • Diagnostic scan - Potential for output in one of the Authentication Failure plugins which may pinpoint the issue.
    • Evidence that you are able to login to the target directly from the Nessus scanner host utilized in the scan.
  • Tenable.io:
    • Scan DB - There is potential for output in one of the Authentication Failure plugins which may pinpoint the issue.
  • Web Application Scanning:
    • Scan JSON - This provides us with all of the scan details that can be used to determine why the authentication failed.
    • Plugin Attachments - All attachments related to the failed authentication plugin. e.g. 98142,98034,98140,98026,113011 or 113013
    • Plugin 98000 Attachments - sitemap.csv and configuration.csv
    • SOS Report from the Tenable Core + WAS scanner used by Tenable.io. (Only applicable if it is a local scanner)
  • Security Center + WAS
    • Navigate to Scans → Scan Results
    • Check the box beside the required scan result
    • Click Download
    • Provide the ZIP file to support
  • Additional Resources
    • Troubleshooting Credential scanning on Windows
    • Troubleshooting Credential Scanning On Linux
    • Useful plugins to troubleshoot credential scans
• Host(s) are not returned in the scan result
  • Nessus:
    • Edit scan configuration > Report > Display unreachable hosts
    • Re-run the scan.
    • Download the scan result as a Nessus DB.
    • Optional: Packet capture ran on Nessus Scanner host during the scan.
  • Tenable.sc:
    • Edit scan policy > Report > Display unreachable hosts
    • Re-run the scan.
    • Download the scan result as a Diagnostic Scan.
    • Optional: Packet capture ran on Nessus Scanner host during the scan.
  • Tenable.io:
    • Edit scan configuration > Report > Display unreachable hosts
    • Re-run the scan.
    • Download the scan result as a Scan DB.
    • Optional: Packet capture ran on Nessus Scanner host during the scan (if using a local scanner).
  • Web Application Scanning:
    • Review 'Get Started with WAS'
    • SOS Report from the Tenable Core + WAS scanner used by Tenable.io. (Only applicable if it is a local scanner)
    • Evidence that the scanner can reach the target and that the target is up.
  • Security Center + WAS
    • "WAS" and "Import" touch debug files
    • Security Center diagnostic file
    • Nessus Bug Report
  • Additional Resources
    • Generating a packet capture with tcpdump
    • Create a PCAP using Wireshark
    • Generating a pcap with Windows built-in packet sniffer

Compliance Scan Query

• Failure to run compliance checks
  • Nessus:
    • Nessus DB: This should display a reason for the failure, and the plugins returned also have potential to help find the cause of this issue.
  • Tenable.sc:
    • Diagnostic Scan - This should display a reason for the failure, and the plugins returned also have potential to help find the cause of this issue.
  • Tenable.io:
    • Scan DB - This should display a reason for the failure, and the plugins returned also have potential to help find the cause of this issue.

Update of Components/Plugins

• Nessus:
  • Nessus Bug Report
  • If it is self-managed: Proof that connectivity is possible between the Nessus host and plugins.nessus.org over port 443. (e.g. via Telnet)
  • If it is managed by Tenable.sc: Diagnostics.
• Tenable.sc:
  • Diagnostics
  • Proof that connectivity is possible between the Tenable.sc host and plugins.nessus.org over port 443. (eg. via Telnet)
• NNM:
  • NNM Bug Report
  • If it is managed by Tenable.sc: Diagnostics.
• LCE:
  • LCE Debug
• Tenable Core:
  • SoS Report
• Additional Resources
  • Nessus Plugin Updates Troubleshooting Guide
  • Troubleshooting Common Plugin Update Failures in Tenable.sc

Event and log capturing (only applicable to LCE)

• Issue searching/collecting events
  • Tenable.sc Diagnostic
  • LCE Debug
• Logs failing to normalize
  • Provide the output of the following command from the LCE host:/opt/lce/tools/lce_cfg_utils --display-status | grep -i plugin_set
  • View un-normalized logs from the Tenable.sc interface.
  • Export a CSV file containing the unnormalized logs from the Raw Syslog tool.

Product integration

• For any issues faced between the interaction of two or more products, a debug from the affected products will suffice for the initial investigation. Example issues may include:
  • Unable to link the products.
  • Unable to launch a scan. (Nessus, Tenable.sc, Tenable.io, NNM)
  • Plugin update issues. (Nessus, Tenable.sc, Tenable.io, NNM)
  • Unable to collect events. (between LCE and an LCE Client)
• For ServiceNow related issues, please run the collection script and send us the output.

UI Performance Degradation

• For any performance-related issues:
  • A debug from the affected product (if applicable)
  • A HAR capture showing the reproduction of the issue
• Additional Resources
  • Collecting Debugs for Tenable Products
  • How to create a HAR file when reproducing an issue

Potential bug with UI

• For any potential bug you observe with the UI of our products, please provide the following:
  • Bug report from the affected product.
  • Screenshot showing the issue.
  • HAR file captured during reproduction of the issue.
  • Browser and version you are running.
• Additional Resources
  • Collecting Debugs for Tenable Products
  • How to create a HAR file when reproducing an issue

Back to the top 

Additional Topics

How to upload large files

If the file you wish to upload exceeds the 25MB limit, you can use Tenable Uploads.

Please see the following article for assistance in uploading this file:
Using Tenable Uploads (uploads.tenable.com) to share large files with Tenable staff

Back to the top

Feature/Enhancement Requests

We would like to invite you to use Tenable's new customer Suggestion Portal. As part of our ongoing initiatives to improve visibility on product suggestions and feedback, the new Tenable Suggestion Portal will provide you with self-service access to create, track and contribute feature requests and product suggestions directly to Tenable product managers. 

You’ll also be able to view, vote, and comment on other suggestions, including many of our most popular customer suggestions from the legacy platform. While we don’t have the capacity to develop on every suggestion, your input is incredibly valuable to us. The new portal will allow us to better listen to and incorporate your feedback as we work to evolve our products to benefit all of our customers. To enter a product suggestion, please navigate to https://suggestions.tenable.com and sign in with your Tenable Community credentials to get started!

Back to the top