r/nessus

helloooooo
im a cloud engineer (not from the security team) and a few months ago we created some tenable nessus servers in OCI based on a request from our ISD/security team ok? okaayy
we used the tenable image/OS they requested and added our usual ansible SSH key same as all our other servers
however.. SSH access is not working at all it keeps asking for a password instead of accepting the SSH key and none of us can access the servers
now we need to install agents on them but we cannot even log in
ha anyone faced this before with tenable images on OCI? any idea what the issue could be? 😿🙏🏼

Hey everyone, I’m the sole person running a vulnerability‑management‑as‑a‑service engagement for a client with a pretty chaotic environment, and I’m looking for advice from people who’ve faced similar challenges.

Our setup

• Agent scans: Tenable Security Center, used only for agent‑based assets.
• Network scans: Nessus Expert and Nessus Professional, covering ~65 departments.
  • For network scans, I have dedicated folders per department in Nessus.
  • I automatically pull scan results each month using a Python script via the Nessus API (with API keys).
• Environment constraints:
  • Client cannot provide reliable asset counts; some departments have servers, others mostly endpoints/printers, and the number of devices per segment is unknown.
  • All network scans are unauthenticated (no credentials).

The problem I’m trying to solve
I’m most focused on the reporting and tracking side:

• How to track scans performed each month and reliably compare month‑to‑month differences (new vs. resolved vulns, coverage changes, risk trend).
• How to build executive‑level reports that are clear, concise, and actionable despite incomplete inventories and unauthenticated scans.
• What KPIs to use at an executive level (e.g., coverage, risk reduction, remediation speed) and how to compute them when asset counts are uncertain.
• How to present dashboards that show progress and residual risk without getting bogged down in technical detail.

I’m the only operator on this engagement, so I need practical, automatable approaches (scripts, SQL/BI tools, dashboards) rather than manual Excel workflows.

What I’m looking for

• Advice on reporting structure for executives: what to show, how to frame trends, and how to handle uncertainty in coverage.
• Suggestions for KPIs that make sense in a VM‑as‑a‑Service engagement with partial inventories and unauthenticated scans.
• Tools or patterns for monthly tracking and comparison (e.g., storing historical results, deduplicating assets, computing deltas).
• Any real‑world examples of executive dashboards or report templates that worked for similar engagements.

Thanks in advance — happy to continue in DMs if it’s easier.