Tenable Cloud Platform Licensing Policy

The Tenable Cloud Platform Licensing Policy provides customers an understanding of Tenable product definitions and their licensing policies. This policy may be updated periodically at Tenable’s sole discretion.

Platform Licensing Breakdown

The Tenable Cloud Platform consists of multiple products. Products on the platform can be purchased via Tenable One or, alternatively, some may be purchased a-la-carte.

Information about how Tenable One Platform applications are licensed can be found in the Tenable Licensing Quick Reference Guide.

Definitions

Term Definition
Asset

An asset is defined as:

  • A physical or virtual device with an operating system connected to a network.

  • An active (non-terminated) cloud resource (including but not limited to containers, virtual devices, applications, native services, IaC etc.) that is monitored for policy violations and security risk.

  • A web application with an FQDN.

  • A user, under the constructs of Identity Security Products.

Example assets may include, but are not limited to:

  • Laptops

  • Desktops

  • Servers

  • Routers

  • Firewalls

  • Switches

  • IoT Devices

  • Mobile phones

  • Virtual machines

  • Software containers

  • IaC

  • Operational technology devices

  • Cloud resources, including but not limited to AWS, GCP or MS Azure compute, database and networking services.

  • User Accounts
Assessed Asset An “assessed asset” is any asset that has been scanned for a vulnerability, configuration, or state.
Discovered Asset A “discovered asset” is any asset that has been identified by discovery plugins, but not scanned for vulnerability, configuration or state.
Licensed Asset

A “licensed asset” is any asset that has been assessed within the product's specified metered billing term. Only billable cloud run time resources are considered as licensed assets and counted as such. Licenses are calculated by the number of scanner type(s) applied per resource.
Unlicensed Asset

An “unlicensed asset” is any asset that has not been assessed within the metered billing term, and is within the data retention period noted in the Tenable Master Agreement. The TenableCloud Platform discovers ALL Resources in cloud accounts (Cloud Runtime) and in repositories/pipelines (IaC/Container Images). Local Scan/Repository/Pipelines (IaC, local container images) resources are NOT billable.

Terminated Asset

If an asset is terminated in a cloud platform, it is automatically terminated in Tenable Vulnerability Management via cloud connector. While the asset is not permanently deleted, it is flagged as “terminated”. Vulnerability data is permanently deleted and falls off of the license the next day (via a nightly job). Asset termination is known as a soft deletion.

Deleted Asset

Deleted assets are permanently removed from the Tenable Platform. Deleted assets and associated data cannot be restored. When deleting assets manually through the user interface or API (including bulk asset deletion), the asset is flagged as “DELETED” and remains licensed for the remainder of the specified metered billing term, and need to age-out to be reclaimed. Review the Tenable Vulnerability Management Scan Tuning Guide to ensure the assets that are counted as licensed are aligned with a scan and assessment strategy. The Asset age out feature deletes assets for hygiene purposes. If aged-out, both the asset and vulnerability data is permanently deleted.
Tenable Web App Scanning FQDN

Tenable Web App Scanning determines asset count by the number of fully qualified domain names (FQDNs) that Tenable Web App Scanning successfully scans for your user account. An asset does not count against your license limit until Tenable Web App Scanning has successfully scanned the asset for vulnerabilities.

License Size

License size references the number of assets you have purchased and that can be assessed or scanned. Tenable allows temporary elasticity to exceed the license, but for no more than 30-days before it is considered a violation of the license agreement.

Scan Target(s) The Tenable Master Agreement defines “Scan Target(s)” as the targets or subjects of a scan. The purpose of this policy is to set forth how Tenable defines, differentiates, and counts different types of scan targets for licensing purposes. For purposes of this policy, an asset is considered a scan target. For the purposes of this policy, an asset is considered a "Scan Target".

Elastic Licensing

On a temporary basis, customers can exceed their contracted license size. However, customers must true-up when license counts continue to be exceeded.

The primary benefits of Elastic Asset Licensing are:

  • Compensates for imperfect scan hygiene

  • Allows for temporary asset increases from activities such as hardware refreshes or sudden environment growth

  • Compensates for modern cloud environments and ephemeral assets that don't have traditional life-spans

  • Adapts to and is reflective of dynamic customer environments

If the license size is exceeded for more than 30 days, review the Tenable Overage Process.