Tenable Vulnerability Management Licensing
This topic breaks down the licensing process for Tenable Vulnerability Management as a standalone product. It also explains how assets are counted, lists add-on components you can purchase, explains how licenses are reclaimed, and notes plugins whose output is excluded from your license count.
Licensing Tenable Vulnerability Management
To use Tenable Vulnerability Management, you purchase licenses based on your organizational needs and environmental details. Tenable Vulnerability Management then assigns those licenses to your assets: assessed resources from the past 90 days, either identified on scans or imported with vulnerabilities (for example, servers, storage devices, network devices, virtual machines, or containers).
When your environment expands, so does your asset count, so you purchase more licenses to account for the change. Tenable licenses use progressive pricing, so the more you purchase, the lower the per-unit price. For prices, contact your Tenable representative.
How Assets Are Counted
When Tenable Vulnerability Management scans an asset, it compares it to previously discovered assets. In general, if the new asset does not match a previously discovered asset and has been assessed for vulnerabilities, it counts towards your license.
Tenable Vulnerability Management uses a complex algorithm to identify new assets without creating duplicates. The algorithm looks at the asset’s BIOS UUID, MAC address, NetBIOS name, fully qualified domain name (FQDN), and more. Authenticated scanners or agents also assign a Tenable UUID to each asset to mark it as unique. For more information, see the Tenable Vulnerability Management FAQ.
The following table describes when assets count towards your license.
Counted Towards Your License | Not Counted Towards Your License |
---|---|
|
|
Tenable Vulnerability Management Components
You can customize Tenable Vulnerability Management for your use case by adding components. Some components are add-ons that you purchase.
Included with Purchase | Add-on Component |
---|---|
|
|
Reclaiming Licenses
When you purchase licenses, your total license count is static for the length of your contract unless you purchase more licenses. However, Tenable Vulnerability Management reclaims licenses under some conditions—and then reassigns them to new assets so that you do not run out of licenses.
The following table explains how Tenable Vulnerability Management reclaims licenses.
Asset Type | License Reclamation Process |
---|---|
Deleted assets | Tenable Vulnerability Management removes deleted assets from the Assets workbench and reclaims their licenses within 24 hours. |
Aged out assets |
In Settings > Sensors > Networks, if you enable Asset Age Out, Tenable Vulnerability Management reclaims assets after they have not been scanned for a period you specify. |
Assets from connectors |
Tenable Vulnerability Management reclaims assets from connectors the day after they are terminated. You can observe this event in each connector. |
All other assets | Tenable Vulnerability Management reclaims all other assets—such as those imported from other products or assets with no age-out setting—after they have not been scanned for 90 days. |
Exceeding the License Limit
To allow for usage spikes due to hardware refreshes, sudden environment growth, or unanticipated threats, Tenable licenses are elastic. However, when you scan more assets than you have licensed, Tenable clearly communicates the overage and then reduces functionality in three stages.
Scenario | Result |
---|---|
You scan more assets than are licensed for three consecutive days. | A message appears in Tenable Vulnerability Management. |
You scan more assets than are licensed for 15+ days. | A message and warning about reduced functionality appears in Tenable Vulnerability Management. |
You scan more assets than are licensed for 45+ days. | A message appears in Tenable Vulnerability Management; scan and export features are disabled. |
Expired Licenses
The Tenable Vulnerability Management licenses you purchase are valid for the length of your contract. 30 days before your license expires, a warning appears in the user interface. During this renewal period, work with your Tenable representative to add or remove products or change your license count.
After your license expires, you can no longer sign in to the Tenable platform.
Excluded Plugin Output
The plugins listed in this section do not count towards your license limit.
Note: Plugin IDs are static, but Tenable products may sometimes update plugin names. For the latest information on plugins, see Tenable Plugins.
Tenable Nessus Plugins in Discovery Settings
Configure the following Tenable Nessus plugins in Discovery Settings. These plugins do not count towards your license.
Tenable Nessus Plugin ID | Plugin Name |
---|---|
10180 | Ping the remote host |
10335 | Nessus TCP scanner |
11219 | Nessus SYN scanner |
14274 | Nessus SNMP Scanner |
14272 | Netstat Portscanner (SSH) |
34220 | Netstat Portscanner (WMI) |
34277 | Nessus UDP Scanner |
Tenable Nessus Plugins on the Plugins Page
Configure the following Tenable Nessus plugins on the Plugins page. These plugins do not count towards your license.
Tenable Nessus Plugin ID | Plugin Name |
---|---|
45590 | Common Platform Enumeration (CPE) |
54615 | Device Type |
12053 | Host Fully Qualified Domain Name (FQDN) |
11936 | OS Identification |
10287 | Traceroute Information |
22964 | Service Detection |
11933 | Do not scan printers |
87413 | Host Tagging |
19506 | Nessus Scan Information |
33812 | Port scanners settings |
33813 | Port scanner dependency |
209654 | OS Fingerprints Detected |
Tenable Nessus Network Monitor Plugins
The following Tenable Nessus Network Monitor plugins do not count towards your license.
Tenable Nessus Network Monitor Plugin ID | Plugin Name |
---|---|
0 | Open Ports |
12 | Host TTL discovered |
18 | Generic Protocol Detection |
19 | VLAN ID Detection |
20 | Generic IPv6 Tunnel Traffic Detection |
113 | VXLAN ID Detection |
132 | Host Attribute Enumeration |