Tenable One Licensing

This topic breaks down the Tenable One licensing process and lists the versions and components you can purchase. It also holds a license calculator with which you can estimate your license needs.

To learn how to use Tenable One, see Tenable One Platform.

Licensing Tenable One

To use Tenable One, you purchase licenses for assets: resources identified by—or managed in—your Tenable products. Some Tenable One products use different asset types. For example, in Tenable Web App Scanning, assets are unique fully qualified domain names (FQDNs), while in Tenable Identity Exposure, they are enabled users in your directory service. Once you have purchased licenses, your Tenable representative assigns them to your products based on the asset types you want to scan or manage.

When your environment expands, so does your asset count, so you purchase more licenses to account for the change. Tenable licenses use progressive pricing, so the more you purchase, the lower the per-unit price. For prices, contact your Tenable representative.

You can reallocate your licenses once per 90 days. For example, if you purchase 1,000 licenses and assign 500 each to Tenable Vulnerability Management and Tenable Security Center, you can switch 100 licenses to Tenable Vulnerability Management if your scan profile requires it. To reallocate licenses, contact your Tenable representative.

Tip: To view your current license count and available assets, in the Tenable top navigation bar, click and then click License Information. To learn more, see License Information Page.
Note: Tenable offers simplified pricing to managed security service providers (MSSPs). To learn more, contact your Tenable representative.

Tenable One Components

You can customize Tenable One for your use case by adding components. Some components are add-ons that you purchase.

Tip: The latest version of the platform is called Tenable One, but there were previously two versions: Enterprise and Standard. The following table lists all versions, but if you are a new customer, you will purchase Tenable One. If you have a Tenable One Standard or Enterprise quote, Tenable will honor it through the end of 2024. If you are a current customer, you can upgrade, downgrade, or renew as follows:

  • Current Tenable One Standard customers — You can upgrade, downgrade, or renew the same version through the end of 2025.

  • Current Tenable One Enterprise customers — You can upgrade, downgrade or renew the same version for the foreseeable future.

Version Version Type Included with Purchase Add-on Component
Tenable One Current version
  • Tenable Security Center+ companion license.

  • OT Security companion license.

  • Tenable Web App Scanning on-premises companion license.

  • If using Tenable Security Center, purchase additional consoles when you need more than three.

  • Tenable Web App Scanning additional concurrency with Tenable cloud scanners.

  • Tenable One Identity Exposure On-Premises.

Tenable One Standard Legacy version
  • Tenable Security Center+ companion license.

  • OT Security companion license.

  • Tenable Web App Scanning on-premises companion license.

Tenable Web App Scanning additional concurrency with Tenable cloud scanners.
Tenable One Enterprise Legacy version
  • Tenable Security Center+ companion license.
  • OT Security companion license.

  • Tenable Web App Scanning on-premises companion license.

  • If using Tenable Security Center, purchase additional consoles when you need more than three.

  • Tenable Web App Scanning additional concurrency with Tenable cloud scanners.

  • Tenable Attack Surface Management Daily Frequency.

Tenable One Asset Values

Tenable One has a centralized platform approach, collecting data from many asset types and providing domain-specific security teams (for example, Tenable Vulnerability Management, Tenable Cloud Security) with specialized domain-specific applications. These applications are similar to point products for managing cloud, web applications, OT assets, and so on, enhanced with context from the Tenable One platform.

The value customers derive from Tenable One varies by the type of resource being managed, as does the cost incurred by Tenable. To align Tenable One pricing to value, we convert the number of different resource types (for example, web servers, cloud resources, OT devices) to a number of Tenable One assets based on ratios defined in the following table. In this way we maintain a single price per Tenable One asset no matter the variety of resources being managed.

The following table defines the Tenable One asset types in each product and compares them to their Tenable One asset value, which is the number of licenses you purchase from Tenable.

Note: Tenable Lumin, Lumin Exposure View, Tenable Inventory, and Attack Path Analysis do not require licenses.
Product Definition Tenable One Asset Value
Tenable Vulnerability Management

Assets are scanned targets from the past 90 days, discovery excluded, or imported assets with vulnerabilities. Examples include hosts, IP addresses, or other targets.

1 of your assets equals 1 Tenable One asset.
Tenable Security Center+ 1 IP address in your environment equals 1 Tenable One asset.
Tenable Web App Scanning

Assets are fully qualified domain names (FQDNs) assessed in the past 90 days. If you only scan IP addresses, those are used instead.

1 FQDN or IP address in your environment equals 1 Tenable One asset.
Tenable Identity Exposure Assets are human or machine identities in your identity service, for example: users, devices, applications, or systems. 1 identity asset in your environment equals 0.50 Tenable One assets.
Tenable Cloud Security CIEM In Tenable Cloud Security, the assets you license are called billable assets. Billable assets are based on public cloud compute instances, public cloud container hosts or orchestrators, serverless assets, container repositories or on-premise container hosts. 1 Tenable Cloud Security CIEM billable asset equals 3 Tenable One assets.
Tenable Cloud Security Standard 1 Tenable Cloud Security Standard billable asset equals 5 Tenable One assets.
Tenable Cloud Security Enterprise 1 Tenable Cloud Security Enterprise billable asset equals 7.50 Tenable One assets.
Tenable OT Security

Assets are detected devices with IP addresses, a single license for each IP address.

 

 

 

1 detected device in your environment equals 1.50 Tenable One assets.

Tenable Attack Surface Management Fortnightly Frequency Assets are observable objects, which are domain names, subdomains, or IP addresses for internet-connected or internal network devices. 1 observable object in your environment equals 0.25 Tenable One assets.
Tenable Attack Surface Management Daily Frequency 1 observable object in your environment equals 0.50 Tenable One assets.

Tenable One Calculator

Use this calculator to estimate your license needs. In the Licenses column, enter your assets. The number of Tenable licenses to purchase appears in the Assets column. You must buy at least 300 licenses at a time.

Tip: Licenses is the number of assets in your environment that you want to manage in Tenable One. Assets is the number of Tenable One assets that you need to purchase.

Warning: This calculator provides an estimate and cannot be used for a sales quote. To get a sales quote, contact your Tenable representative.

Product Type Licenses Ratio Assets
Cloud Products
Tenable Vulnerability Management Assets 1.00 0
Tenable Web App Scanning FDQNs 1.00 0
CIEM Cloud resource workloads 3.00 0
Tenable Cloud Security Standard Cloud resource workloads 5.00 0
Tenable Cloud Security Enterprise Cloud resource workloads 7.50 0
Tenable Identity Exposure Identities 0.50 0
Tenable Attack Surface Management Fortnightly Frequency Observable objects 0.25 0
Tenable Attack Surface Management Daily Frequency Observable objects 0.50 0
On-premise Products
Tenable OT Security Assets 1.50 0
Tenable Web App Scanning FDQNs 1.00 0
Tenable Security Center+ IP addresses 1.00 0
Totals        

Total Tenable One cloud products

  0    

Total Tenable One on-premise products

  0    

Total Tenable One products

  0    

Reclaiming Licenses

When you purchase Tenable licenses, your total license count is static for the length of your contract unless you purchase more licenses. However, Tenable One products reclaim licenses under some conditions—and then reassign them to new assets in the same product so that you do not run out of licenses.

The following table explains how each Tenable One product reclaims licenses.

Product License Reclamation Process
Tenable Vulnerability Management Licenses from deleted assets are reclaimed within 24 hours. Licenses for assets on a network with Asset Age Out enabled are reclaimed after not being scanned for a length of time you specify. Licenses for all other assets are reclaimed after not being scanned for 90 days.
Tenable Web App Scanning Licenses from deleted assets are reclaimed within 24 hours. Licenses for assets that age out are reclaimed after a length of time you specify, or after 90 days.
Tenable Security Center Licenses are reclaimed when you delete a repository, run a license report, or upload a new license. If you set assets to age out, licenses are reclaimed during nightly cleanup. If you configure your scan settings to remove unresponsive hosts, licenses are reclaimed at scan import. For more information, see License Count in the Tenable Security Center Best Practices Guide.
Tenable Identity Exposure Licenses for enabled users you delete are reclaimed in real time when removed from your environment’s directory service.
Tenable OT Security Licenses for hidden assets are reclaimed in real time, as are licenses for assets that have been offline for more than 30 days. Licenses for assets you remove or hide in the user interface are also reclaimed.
Tenable Attack Surface Management Licenses are reclaimed when individual assets are archived—or when asset sources are removed or age out. Your license count is updated daily.

Exceeding the License Limit

To allow for usage spikes due to hardware refreshes, sudden environment growth, or unanticipated threats, Tenable One licenses are elastic. However, when you scan more assets than you have licensed, Tenable clearly communicates the overage and then reduces functionality in three stages.

Scenario Result
You scan more assets than are licensed for three consecutive days. A message appears in Tenable One.
You scan more assets than are licensed for 15+ days. A message and warning about reduced functionality appears in Tenable One.
You scan more assets than are licensed for 45+ days. A message appears in Tenable One; scan and export features are disabled.
Tip: Improper scan hygiene or product misconfigurations can cause scan overages, which result in inflated asset counts. To learn more, see Scan Best Practices.

Expired Licenses

The Tenable One licenses you purchase are valid for the length of your contract. 30 days before your license expires, a warning appears in the user interface. During this renewal period, work with your Tenable representative to add or remove products or change your license count.

After your license expires, you can no longer sign in to the Tenable platform.