Security Controls
Tenable security controls are described in our most recent Service Organization Control II, Type I Report. To receive a copy of the report, put in a request to compliance@tenable.com.
Platform Performance and Maximums Reference
The Tenable Cloud Platform is a multi-tenant architecture. Scanner and processing pools are shared and scaled to support demand. Rate and concurrency maximums may be activated when customer activity negatively impacts the platform, the products (the systems supporting the products), or other tenants. See the Tenable Master Agreement for additional details.
General platform performance varies based on platform conditions, resource utilization, global region, tenant traffic, license, and customer configuration of scan target volume and depth of assessment. The vast majority of customers experience individual end-to-end scan job duration within a maximum of a couple of hours; provided, however, this is subject to both platform conditions as well as customer-specific scan configurations. This is provided without guarantee and is to be used as a reference for troubleshooting customer environments and configurations. To learn how you can tune each aspect to make your scan faster or more data-inclusive, depending on your desired outcome, please view the Vulnerability Management Scan Tuning Guide.
Maximums and controls for major functions and services are described below:
API Maximums
The platform performs rate limiting on API requests to ensure that all customers experience the same level of service. The platform calculates the number of API requests it can accept from a single user per minute based on its current processing load. Users are uniquely identified by the API key utilized in every API request. Each user is limited to possessing only a single valid API key at any given time. For more information on the parameters and behaviors to adhere to, see API Rate Limiting.
Export Maximums
Note that there are limits on the number of concurrent export requests that can be made on the platform. Users are allowed a maximum of ten active concurrent export requests per customer container, depending on the endpoint being used. Additionally, the maximum storage capacity for export job files is 500MB or 50GB depending on license. For more information, see Export Concurrency Limiting.
Cloud Scanner Maximums
Unless otherwise specified, each customer container has the following cloud scanner warnings or controls by default:
- Prior to scan execution, the maximum number of simultaneous cloud scanner jobs is 25. As a result, no additional cloud scanner scans will be launched or queued.
- Prior to scan execution, users are WARNED if any scan target list exceeds 10x license. This is intended to minimize mistakes in target definitions that may produce results that exceed customer license. Customers can tune scan target lists to remove warnings.
- During scan execution, the scan job will terminate when returned billable assets exceed 1.1x license (i.e. up to 10% elasticity over license per scan).
- Linked non-cloud scanners and agents will retry and be processed independent of the cloud scanner concurrency limit, in-line with API maximums.
Contact your Customer Success Manager to discuss your scan maximum needs or stagger jobs over time to reduce the chance of conflict. For more information, see Scan Concurrency Limiting and Scan Limitations.
Web Application Scan Maximum
Our platform has a standard for the number of concurrent Web Application Scans that can operate. The limit is based on the size of the purchased license, but it can be expanded as needed. By default, each customer instance can have a maximum of 5 ongoing web application scans (WAS), unless stated otherwise.
Plugin Search Maximum
The platform maintains a plugin output index to support plugin output search. This index maintains the previous 35 days of data. This feature is disabled by default. When enabled, if a container does not utilize the index for more than 35 days, it is disabled. Customer administrators can enable this feature at any time for all new scan data from that point forward.