Platform Performance and Fair Use
The Tenable Cloud Platform uses a multi-tenant architecture with shared scanner and processing pools. We implement fair use to ensure the platform remains performant. To ensure equitable service quality, if a customer's activity negatively impacts the platform or other tenants, Tenable reserves the right to activate rate and concurrency maximums. Performance varies based on region and traffic and is provided without guarantee.
Key Service Descriptions and Maximum Values
The Tenable Cloud Platform provides the following key services in support of Tenable products:
| Category Service | Service Component | Maximum Value | Additional Information |
|---|---|---|---|
| Cloud Hosted Nessus Scanner | Scan Job |
25 active, concurrent scans per container |
Each container can have up to 25 active concurrent scans. For more information and the definition of an active scan, see Concurrent Active Scan Limits. |
| 10,000 scheduled scans per container | The maximum number of scheduled scans is 10,000 per container. For best practices on managing scans via the API, see Manage Scans. | ||
| Target IP addresses and hostnames up to 1,000 times your licensed asset count per discovery scan | For example, if your organization has a licensed asset count of 1,000, the platform does not allow you to target more than 1,000,000 IP addresses or hostnames in a single discovery scan (for more information, see Discovery Scans vs. Assessment Scans in the Tenable Vulnerability Management User Guide). | ||
| Live host scan results for up to 1.1 times your licensed assets per scan |
A scan job aborts when it generates live host scan results for more than 1.1 times your licensed asset count. Note: Tenable Vulnerability Management evaluation licenses limit each scan to 265 targets. |
||
| Dead host scan results for up to 100 times your licensed assets per scan | A scan job aborts when it generates dead host scan results for more than 100 times your licensed asset count. | ||
| 10,000 mobiles devices per scan | The maximum number of mobile devices that can be retrieved in a single scan is 10,000. | ||
| 300,000 targeted IP addresses or ranges per scan | You cannot specify more than 300,000 comma-separated IP addresses or ranges when configuring a scan’s targets. | ||
| 10,000 hosts, 150,000 findings, or 7 GB in total size per scan chunk | If a scan chunk exceeds any of the maximum values, Tenable Vulnerability Management does not process the scan and eventually aborts it. Note: This limits items like MDM assessments, importing Nessus files, and very large Auto Discovery scenarios (for example, VMware) to individual scans with less than 10,000 assessed targets. |
||
| Cloud Hosted Web Application Scanner | Scan Jobs | 8 hours, 5-10 concurrent scans based on container license | Web Application scan jobs may take up to 8 hours to complete. Scans will run for a maximum time of 48:00:00 before aborting. Concurrency limits vary from 5-10, based on your container license. |
| Agentless Scanners | Scan Jobs | 24-hour scan completion | Agentless scan jobs may take up to 24 hours to complete. |
| CSPM scans | 6-hour max duration | CSPM scans, required by Agentless scans, have a maximum duration of 6 hours. | |
| Bulk Delete | Query Endpoint | 1,000 conditions in query object | Currently, Tenable supports up to 1,000 conditions (filters) within the query object. |
| Bulk Delete Assets | 1,000 filters per query | Currently, Tenable supports up to 1,000 conditions (filters) within the query object of the Bulk Delete Asset endpoint. | |
| Export | CVE Rate Limits | 15 requests over 60 seconds | CVE Exports are limited to 15 requests over 60 seconds. |
| Scan DB | 45 days | Currently, Tenable purges Scan DB exports 45 days after scan completion. | |
| Scan Results | 5,000 rows | Number of shown rows in the Vulns by Asset table is limited to 5,000. | |
| 45 days | Archived scan results older than 45 days are limited export types of .nessus and .csv files. | ||
| 400,000 individual scan results | Currently, Tenable can not export PDF files with more than 400,000 individual scan results. | ||
| Concurrent Jobs | 10 concurrent exports per container | For more information, see Concurrency Limiting. | |
| Filtering | Filtering an Explore Table | Number of filters is limited to 35 | Currently, the maximum number of filters that can be applied to any Explore > Findings or Assets views (including Group By tables) to 35. |
| IPv4 Address filter on the Findings workbench | Number of IPv4 addresses limited to 256 | On the Findings workbench, when using the IPv4 Address filter, the number of IPv4 addresses is limited to 256. | |
| Filtering a Report | Number of Custom Asset filter IP addresses you can specify is limited to 100 | When filtering a report using the Custom Asset report filter, you can filter by no more than 100 individual IP addresses. | |
| Number of filters you can apply to a Findings Report is 5 | When filtering findings to generate a Findings Report, you can apply a maximum of 5 filters to each report. | ||
| Imports | Import Assets | Up to 50 individual assets per request | Currently, Tenable supports a maximum of 50 individual asset objects per request message with a total size limit of 15 MB. |
| Tags | Create Tag Rules | 35 rules per tag |
Tenable Vulnerability Management supports a maximum of 35 rules per tag. This limit means that you can specify a maximum of 35 and or or conditions for a single tag value. |
| Create Tag Rules | 25 values per individual rule/1,024 per individual tag rule | Tenable Vulnerability Management supports a default maximum of 25 values per individual tag rule. For IPv4, IPv6, and FQDNs, Tenable Vulnerability Management supports a maximum of 1,024 values per individual tag rule. | |
| Recast/Accept Rules | Adding hosts to recast/accept rules | 1,000 hosts per rule | Tenable limits the number of individual hosts you can target as part of a recast/accept rule to 1,000. |
| Activity Logs | Log Retention | 3 years | Currently, Tenable retains activity log data for 3 years, after which it is deleted from the Tenable database. |