Tenable One Licensing
This topic breaks down the Tenable One licensing process and lists the versions and components you can purchase. It also holds a license calculator with which you can estimate your license needs.
To learn how to use Tenable One, see Tenable One Platform.
Tenable One Versions
Tenable One has three versions.
| Version | Products |
|---|---|
| Tenable One |
Comes with Tenable Vulnerability Management, Tenable Security Center+, Tenable Web App Scanning (both versions), Tenable Identity Exposure, Tenable Cloud Security Standard, Tenable Cloud Security Enterprise, Tenable Cloud Security CIEM, Tenable Attack Surface Management (both versions), Tenable Security Center Director, Tenable Lumin, Lumin Exposure View, Tenable Inventory, and Attack Path Analysis. |
| Tenable One Standard | Comes with Tenable Vulnerability Management, Tenable Web App Scanning, Tenable Cloud Security, Tenable Security Center+, Tenable Security Center Director, Tenable Lumin, Lumin Exposure View, Tenable Inventory, and Tenable Identity Exposure. |
| Tenable One Enterprise |
Comes with all of the above plus Attack Path Analysis and Tenable Attack Surface Management. |
Licensing Tenable One
To use Tenable One, you purchase licenses for assets: resources identified by—or managed in—your Tenable products. Some Tenable One products use different asset types. For example, in Tenable Web App Scanning, assets are unique fully qualified domain names (FQDNs), while in Tenable Identity Exposure, they are enabled users in your directory service. Once you have purchased licenses, your Tenable representative assigns them to your products based on the asset types you want to scan or manage.
When your environment expands, so does your asset count, so you purchase more licenses to account for the change. Tenable licenses use progressive pricing, so the more you purchase, the lower the per-unit price. For prices, contact your Tenable representative.
You can reallocate your licenses once per 90 days. For example, if you purchase 1,000 licenses and assign 500 each to Tenable Vulnerability Management and Tenable Security Center, you can switch 100 licenses to Tenable Vulnerability Management if your scan profile requires it. To reallocate licenses, contact your Tenable representative.
and then click License Information. To learn more, see License Information Page. Tenable One Components
You can customize Tenable One for your use case by adding components. Some components are add-ons that you purchase.
| Version | Included with Purchase | Add-on Component |
|---|---|---|
| Tenable One Standard |
|
Tenable Web App Scanning additional concurrency with Tenable cloud scanners. |
| Tenable One Enterprise |
|
|
Tenable One Asset Values
Tenable One offers a centralized platform approach, collecting data from many asset types and providing domain-specific security teams (for example, Tenable Vulnerability Management, Tenable Cloud Security) with specialized domain-specific applications. These applications are similar to point products for managing cloud, web applications, OT assets, and so on, enhanced with context from the Tenable One platform.
The value customers derive from Tenable One varies by the type of resource being managed, as does the cost incurred by Tenable. To align Tenable One pricing to value, we convert the number of different resource types (for example, web servers, cloud resources, OT devices) to a number of Tenable One assets based on ratios defined in the following table. In this way we maintain a single price per Tenable One asset no matter the variety of resources being managed.
The following table defines the Tenable One asset types in each product and compares them to their Tenable One asset value, which is the number of licenses you purchase from Tenable.
| Product | Definition | Tenable One Asset Value |
|---|---|---|
| Tenable Vulnerability Management |
Assets are scanned targets from the past 90 days, discovery excluded, or imported assets with vulnerabilities. Examples include hosts, IP addresses, or other targets. |
1 of your assets equals 1 Tenable One asset. |
| Tenable Security Center+ | 1 IP address in your environment equals 1 Tenable One asset. | |
| Tenable Web App Scanning |
Assets are fully qualified domain names (FQDNs) assessed in the past 90 days. If you only scan IP addresses, those are used instead. |
1 FQDN or IP address in your environment equals 1 Tenable One asset. |
| Tenable Identity Exposure | Assets are human or machine identities in your identity service, for example: users, devices, applications, or systems. | 1 identity asset in your environment equals 0.50 Tenable One assets. |
| Tenable Cloud Security CIEM | In Tenable Cloud Security, the assets you license are called billable assets. Billable assets are based on public cloud compute instances, public cloud container hosts or orchestrators, serverless assets, container repositories or on-premise container hosts. | 1 Tenable Cloud Security CIEM billable asset equals 3 Tenable One assets. |
| Tenable Cloud Security Standard | 1 Tenable Cloud Security Standard billable asset equals 5 Tenable One assets. | |
| Tenable Cloud Security Enterprise | 1 Tenable Cloud Security Enterprise billable asset equals 7.50 Tenable One assets. | |
| Tenable OT Security |
Assets are detected devices with IP addresses, a single license for each IP address.
|
1 detected device in your environment equals 1.50 Tenable One assets. |
| Tenable Attack Surface Management Fortnightly Frequency | Assets are observable objects, which are domain names, subdomains, or IP addresses for internet-connected or internal network devices. | 1 observable object in your environment equals 0.25 Tenable One assets. |
| Tenable Attack Surface Management Daily Frequency | 1 observable object in your environment equals 0.50 Tenable One assets. |
Tenable One Calculator
Use this calculator to estimate your license needs. In the Licenses column, enter your assets. The number of Tenable licenses to purchase appears in the Assets column.
Note: When purchasing licenses for Tenable One assets, you must purchase at least 300 licenses.
Warning: This calculator provides an estimate and cannot be used for a sales quote. To get a sales quote, contact your Tenable representative.
Reclaiming Licenses
When you purchase Tenable licenses, your total license count is static for the length of your contract unless you purchase more licenses. However, Tenable One products reclaim licenses under some conditions—and then reassign them to new assets in the same product so that you do not run out of licenses.
The following table explains how each Tenable One product reclaims licenses.
| Product | License Reclamation Process |
|---|---|
| Tenable Vulnerability Management | Licenses from deleted assets are reclaimed within 24 hours. Licenses for assets on a network with Asset Age Out enabled are reclaimed after not being scanned for a length of time you specify. Licenses for all other assets are reclaimed after not being scanned for 90 days. |
| Tenable Web App Scanning | Licenses from deleted assets are reclaimed within 24 hours. Licenses for assets that age out are reclaimed after a length of time you specify, or after 90 days. |
| Tenable Security Center | Licenses are reclaimed when you delete a repository, run a license report, or upload a new license. If you set assets to age out, licenses are reclaimed during nightly cleanup. If you configure your scan settings to remove unresponsive hosts, licenses are reclaimed at scan import. For more information, see License Count in the Tenable Security Center Best Practices Guide. |
| Tenable Identity Exposure | Licenses for enabled users you delete are reclaimed in real time when removed from your environment’s directory service. |
| Tenable OT Security | Licenses for hidden assets are reclaimed in real time, as are licenses for assets that have been offline for more than 30 days. Licenses for assets you remove or hide in the user interface are also reclaimed. |
| Tenable Attack Surface Management | Licenses are reclaimed when individual assets are archived—or when asset sources are removed or age out. Your license count is updated daily. |
Exceeding the License Limit
To allow for usage spikes due to hardware refreshes, sudden environment growth, or unanticipated threats, Tenable One licenses are elastic. However, when you scan more assets than you have licensed, Tenable clearly communicates the overage and then reduces functionality in three stages.
| Scenario | Result |
|---|---|
| You scan more assets than are licensed for three consecutive days. | A message appears in Tenable One. |
| You scan more assets than are licensed for 15+ days. | A message and warning about reduced functionality appears in Tenable One. |
| You scan more assets than are licensed for 45+ days. | A message appears in Tenable One; scan and export features are disabled. |
Expired Licenses
The Tenable One licenses you purchase are valid for the length of your contract. 30 days before your license expires, a warning appears in the user interface. During this renewal period, work with your Tenable representative to add or remove products or change your license count.
After your license expires, you can no longer sign in to the Tenable platform.