Vulnerability Management Licenses

Your Tenable.io Vulnerability Management instance has a licensed asset limit, which determines the number of assets you can scan for vulnerabilities. If you exceed your license limit, you can temporarily continue to use Tenable.io to scan your assets before adjusting your license as needed.

You can view your license information to see how many assets are currently being counted against your Tenable.io license. You can use this information to evaluate how effectively you are using your asset licenses.

To understand licenses, see the following sections:

Note: You can use the Is Licensed (VM) advanced search filter to view assets that currently count against your Tenable.io license. For more information, see Filter a Table.

How Assets are Counted

Tenable.io analyzes multiple asset attributes, not just IP addresses, to identify an asset. For more information on how Tenable.io identifies an asset, see the Tenable.io FAQ.

Assets are counted towards your license limit depending on how Tenable.io discovers, or sees, the asset. In general, an asset does not count against your license limit unless it has been assessed for vulnerabilities.

Assets Counted Assets Not Counted

Conditions where an asset counts towards your license limit can include:

  • An active scan.
  • An agent scan.
  • An import of asset data that contains information on vulnerabilities (for example, a scan result from Nessus Professional).
  • A connector with Frictionless Assessment.

Conditions where an asset does not count towards your license limit can include:

  • A scan configured with the Host Discovery template or configured to use only the discovery plugins.
  • An import of asset data that does not contain information on vulnerabilities (for example, ServiceNow data).
  • A linked instance of Nessus Network Monitor running in discovery mode.
  • A discovery-only connector, until and unless the asset is scanned for vulnerabilities.

Reclaiming Licenses

When Tenable.io reclaims a license, that license becomes available for a different asset. Tenable.io reclaims licenses in the following scenarios:

  • When a licensed asset has not been scanned for 90 days, it ages out of the license count.
  • If an asset was discovered through connectors and subsequently became licensed, the asset license is reclaimed the day after the asset is terminated. You can observe this event via the connector.

You can monitor licenses that are expected to be reclaimed in your License Information.

Plugins Excluded from the License Limit

The following plugins do not count towards the license limit.

Note: Plugin IDs are static, but Tenable.io occasionally updates plugin names. For the latest information on plugins, see https://www.tenable.com/plugins.

Nessus Plugins set through Discovery Settings

Nessus Plugin ID Family
10180 Port scanners
10335 Port scanners
11219 Port scanners
14274 Port scanners
14272 Port scanners
34220 Port scanners
34277 Port scanners

Nessus Plugins set through Plugins

Nessus Plugin ID Family
45590 General
54615 General
12053 General
11936 General
10287 General
22964 Service Detection
11933 Settings
87413 Settings
19506 Settings
33812 Settings
33813 Settings

Nessus Network Monitor Plugins

Nessus Network Monitor Plugin ID Name
0 Open Ports
12 Host TTL discovered
18 Protocols Information
19 VLAN IDs
20 IPv6 Tunnel Information
113 VXLAN Information
132 Host Attribute Enumeration