Tenable Cloud Platform Licensing Policy

An asset is defined as:

• A physical or virtual device with an operating system connected to a network.

• An active (non-terminated) cloud resource (including but not limited to containers, virtual devices, applications, native services, IaC etc.) that is monitored for policy violations and security risk.

• A web application with an FQDN.

• A user, under the constructs of Identity Security Products.

Example assets include, but are not limited to: laptops, desktops, servers, routers, firewalls, switches, IoT devices, mobile phones, virtual machines, software containers, IaC, operational technology devices, cloud resources, and user accounts

Any asset that has been assessed within the product's specified metered billing term. Only billable cloud run time resources are considered as licensed assets and counted as such. Licenses are calculated by the number of scanner type(s) applied per resource.

Any asset that hasn't been assessed within the metered billing term and is within the data retention period noted in the Tenable Master Agreement.

When an asset is terminated in a cloud platform, the cloud connector automatically flags it as "terminated". This soft deletion removes the asset's vulnerability data and frees its license seat after a nightly cleanup job.

Assets manually deleted via the UI or API are permanently removed and cannot be restored. These assets remain licensed until the end of the billing term; however, assets removed via the Asset Age Out feature are immediately deleted for hygiene, permanently removing both the asset and its vulnerability data. To optimize license usage, review the Tenable Vulnerability Management Scan Tuning Guide to align your licensed asset count with your assessment strategy.

The number of assets you've purchased that can be assessed or scanned. Tenable allows temporary elasticity to exceed the license, but for no more than 30 days before it's considered a violation of the license agreement.