Key Service Descriptions and Maximum Values
The Tenable Cloud Platform provides the following key services in support of Tenable products:
| Category Service | Service Component | Maximum Value | Additional Information |
|---|---|---|---|
| Cloud Hosted Nessus Scanner | Scan Job |
25 active, concurrent scans per container |
Each container can have up to 25 active concurrent scans. For more information and the definition of an active scan, see Concurrent Active Scan Limits. |
| 10,000 scheduled scans per container | The maximum number of scheduled scans is 10,000 per container. For best practices on managing scans via the API, see Manage Scans. | ||
| Target IP addresses and hostnames up to 1,000 times your licensed asset count per discovery scan | For example, if your organization has a licensed asset count of 1,000, the platform does not allow you to target more than 1,000,000 IP addresses or hostnames in a single discovery scan (for more information, see Discovery Scans vs. Assessment Scans in the Tenable Vulnerability Management User Guide). | ||
| Live host scan results for up to 1.1 times your licensed assets per scan | A scan job aborts when it generates live host scan results for more than 1.1 times your licensed asset count. | ||
| Dead host scan results for up to 100 times your licensed assets per scan | A scan job aborts when it generates dead host scan results for more than 100 times your licensed asset count. | ||
| 300,000 targeted IP addresses or ranges per scan | You cannot specify more than 300,000 comma-separated IP addresses or ranges when configuring a scan’s targets. | ||
| 10,000 hosts, 150,000 findings, or 7 GB in total size per scan chunk | If a scan chunk exceeds any of the maximum values, Tenable Vulnerability Management does not process the scan and eventually aborts it. Note: This limits items like MDM assessments, importing Nessus files, and very large Auto Discovery scenarios (for example, VMware) to individual scans with less than 10,000 assessed targets. |
||
| Cloud Hosted Web Application Scanner | Scan Jobs | 8 hours, 4 concurrent | Web Application scan jobs may take up to 8 hours to complete. Scans will run for a maximum time of 99:99:59 before aborting. Concurrency limits depend on your container license. |
| Agentless Scanners | Scan Jobs | 24-hour scan completion | Agentless scan jobs may take up to 24 hours to complete. |
| CSPM scans | 6-hour max duration | CSPM scans, required by Agentless scans, have a maximum duration of 6 hours. | |
| Bulk Delete | Query Endpoint | 1,000 conditions in query object | Currently, Tenable supports up to 1,000 conditions (filters) within the query object. |
| Bulk Delete Assets | 1,000 filters per query | Currently, Tenable supports up to 1,000 conditions (filters) within the query object of the Bulk Delete Asset endpoint. | |
| Export | CVE Rate Limits | 15 requests over 60 seconds | CVE Exports are limited to 15 requests over 60 seconds |
| Scan DB | 45 days | Currently, Tenable purges Scan DB exports 45 days after scan completion. | |
| Scan Results | 45 days | Archived scan results older than 45 days are limited export types of .nessus and .csv files | |
| 5,000 rows | Number of shown rows in the Vulns by Asset table is limited to 5,000 | ||
| 400,000 individual scan results | Currently, Tenable can not export PDF files with more than 400,000 individual scan results. | ||
| Concurrent Jobs | 10 concurrent exports per container | For more information, see Concurrency Limiting. | |
| Filtering | Filtering an Explore Table | Number of filters is limited to 18 | Currently, the maximum number of filters that can be applied to any Explore > Findings or Assets views (including Group By tables) to 18. |
| IPv4 Address filter on the Findings workbench | Number of IPv4 addresses limited to 256 | On the Findings workbench, when using the IPv4 Address filter, the number of IPv4 addresses is limited to 256. | |
| Filtering a Report | Number of Custom Asset filter IP addresses you can specify is limited to 100 | When filtering a report using the Custom Asset report filter, you can filter by no more than 100 individual IP addresses. | |
| Number of filters you can apply to a Findings Report is 5 | When filtering findings to generate a Findings Report, you can apply a maximum of 5 filters to each report. | ||
| Imports | Import Assets | Up to 50 individual assets per request | Currently, Tenable supports a maximum of 50 individual asset objects per request message with a total size limit of 15 MB. |
| Tags | Create Tag Rules | 35 rules per tag |
Tenable Vulnerability Management supports a maximum of 35 rules per tag. This limit means that you can specify a maximum of 35 and or or conditions for a single tag value. |
| Create Tag Rules | 25 values per individual rule/1,024 per individual tag rule | Tenable Vulnerability Management supports a default maximum of 25 values per individual tag rule. For IPv4, IPv6, and FQDNs, Tenable Vulnerability Management supports a maximum of 1,024 values per individual tag rule. | |
| Recast/Accept Rules | Adding hosts to recast/accept rules | 1,000 hosts per rule | Tenable limits the number of individual hosts you can target as part of a recast/accept rule to 1,000. |
| Activity Logs | Log Retention | 3 years | Currently, Tenable retains activity log data for 3 years, after which it is deleted from the Tenable database. |