Setting Up the Kenna Agent


It is recommended that you use a dedicated server or VM to run the Kenna Agent. Please make sure that your firewall rules allow the Kenna Agent to talk to your internal connectors as well as reach out to Kenna.

These scanners are currently supported:

  • Nexpose
  • Nessus
  • Sonatype
  • BlackDuck

Important: The machine must have network access to your scanner and the Kenna Security API.

Recommended specifications:

Operating System RHEL or derivative (RHEL 7+, CentOS 7+, Fedora 28+)
RAM 1-2 GB
Number of CPUs 1-2
Disk Size 20 GB, encrypted

Note: HTTP/S proxying is supported. Refer to the Proxy for Agent section.

Windows server-based installs are not supported at this time. If you are interested, please let us know.

Important: When using a proxy or firewall, you will need to whitelist the following addresses:

  • (US AWS)
  • (US GCP)
  • (EU)
  • (CA)
  • (Sandbox)

Important: Please open a support ticket to ask that the Agent UI feature flag be turned on. This will enable the checkbox for the agent to be shown on the connector setup page.

Install the Agent

Tip: You can execute the commands as Root if you do not wish to use sudo.

In the Command Prompt, create a new "kenna.repo" file using

$ sudo touch /etc/yum.repos.d/kenna.repo

Edit the newly created kenna.repo file; enter and save the following content:

name=Kenna Security

Next, you are ready to begin the install process. Based on your OS, enter the appropriate command. 

Fedora 28+

$ sudo dnf install kenna-agent

RHEL 7+, CentOS 7+

$ sudo yum install kenna-agent

When prompted, enter "y" to confirm to accept the key.

Enter "y" again to confirm to download the agent.

Connector Setup

You must first select a connector if you have no existing connector before proceeding with the connector setup.  Log in to your Kenna Account, click the Connectors tab to select a connector. 

Once you have selected a connector, the connector-specific setup page opens as shown below.


Click the Use Kenna Agent checkbox. If there is no checkbox visible, open a support ticket and request that the feature flag for Agent UI be enabled.

Fill in Username, Password, Host information as well as select the desired Schedule, if not already completed.

Note: You can make changes to your cron as required. Changes to the Schedule change the config snippet as shown.

Important: The connector ID is blank initially and only populates after the connector is saved.


Note: All times are in UTC.

Click Save to confirm your changes.

Important: By clicking Save, the Run and Upload & Run buttons are clickable but their functionality will be disabled.

Any previously set schedule will not work and all new connector runs will be completed using the Kenna Agent.

Configure the Agent

Note: A connector must be added, as shown in the pervious section, before proceeding configuring the agent.

Important: You require your Kenna API token to configure and use the Kenna Agent.

Log into Kenna and navigate to API keys menu option.

Locate your API key and click the Copy button to copy the API token.

Edit the "/etc/kenna-agent/kenna-agent.toml" file. 

Item What to Enter
token Paste in the API token.

Enter the connector ID.

Tip: To locate your connector ID, select the connector in the Connectors tab. In the Details page that displays, highlight and copy the Connector ID.

type Enter the connector type such as “nexpose”, “nessus”.
url Enter the scanner URL (protocol + host + port).
username Enter the scanner credentials.
password Enter the scanner credentials.

Enter a cron job schedule using the “min hr dom mon dow” format.

Important: Time is interpreted in UTC.


Contains scan IDs for the Nessus connector.

For a single list, enter scan_list = [#]. For example, scan_list = [5].

For multiple lists, enter numbers separated by commas. For example, scan_list = [5, 246, 248].

To manually kick-off the connector outside of the scheduled window, you must log into the agent console and run the following command:

kenna-agent oneshot

Multiple Connectors Setup

The Kenna-Agent allows for multiple connectors to be set up simultaneously by simply editing the kenna-agent.toml file as shown.

url = ""
token = "your token"

id = 12345
type = "nexpose"
url = ""
username = "user"
password = "pass"
schedule = "*45 23 * * *"

id = 12346
type = "blackduck"
url = ""
username = "user"
password = "pass"
schedule = "55 23 * * *"

Kenna-Agent runs each connector when the schedule is set.

Important: Ensure that schedules are spread out to avoid encountering memory errors.

Directory Connector

A directory connector gathers all files inside a specified directory, uploads them to conduit, and starts a connector run. To set up a directory connector, you need to create a connector to which you upload files.

Important: Agent will pick up all files in the given directory for each run.

url = ""
token = "your token"

id =
type = "directory"
url = "file:/home/kenna/Downloads/nexpose"
username = ""
password = ""
schedule = "*45 23 * * *"



What to Enter


Paste in the API token.


Enter the connector ID.

Note: The connector should be a supported XML connector only.


Enter the connector type as “directory”.


Enter the path where the directory is located. For example, if the directory is in home/[User]/Downloads/nexpose, then the url would be as follows:


Important: Ensure the specified directory has read permissions.


Leave blank. 


Enter a cron job schedule using the “min hr dom mon dow” format.

Important: Time is interpreted in UTC.

Start and Enable the Agent

Once installation is complete, you are ready to run the agent. Enter to start the agent.

$ sudo systemctl enable kenna-agent

In the Command Prompt, enter "kenna-agent check" to check the configuration details of the Kenna Agent. Use this command to troubleshoot issues by reviewing the Check Summary.


Updating the Agent

When a new version is available, you can upgrade/update the Kenna Agent using the appropriate command for your OS:

Fedora 28+

$ sudo dnf update kenna-agent

RHEL 7+, CentOS 7+

$ sudo yum update kenna-agent

When an update or upgrade is available, running the info kenna-agent command results in system notification detailing the current version and the new version that is available.

Fedora 28+

$ sudo dnf info kenna-agent 

RHEL 7+, CentOS 7+

$ sudo yum info kenna-agent 

Proxy for Agent

When a proxy is used, the agent is capable of working with HTTP and HTTPS settings. 

In the command prompt, enter the following command: 

$ sudo systemctl edit kenna-agent.service

In the editor, create/add an environment variable override.

Note: For different proxy settings, multiple environment variables can be added.

Environment=HTTPS_PROXY=https://myproxy:4566(replace the URL with your proxy)

Enter the following command to restart the Kenna Agent. After adding or creating the variables, save the changes and exit the editor.

$ sudo systemctl restart kenna-agent.service 

Helpful commands

Start agent:

$ sudo systemctl start kenna-agent

Enable agent:

$ sudo systemctl enable kenna-agent

Stop agent:  

$ sudo systemctl stop kenna-agent

Agent process status:

$ sudo systemctl status kenna-agent

Check config details:

$ kenna-agent check 

Run connector from the terminal:

To manually kick-off the connector outside of the scheduled window, you must log into the agent console and run the following command:

$ kenna-agent oneshot
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


1 comment
  • Helpful, but also need to know if there are any firewall requirements for each of the SaaS platforms.


Please sign in to leave a comment.