Vulnerability Management Licenses

Your Tenable.io Vulnerability Management instance has a licensed asset limit, which determines the number of assets you can scan for vulnerabilities. If you exceed your license limit, you can temporarily continue to use Tenable.io to scan your assets before adjusting your license as needed.

You can view your license information to see how many assets are currently being counted against your Tenable.io license. You can use this information to evaluate how effectively you are using your asset licenses.

To understand licenses, see the following sections:

Caution: You may see different license counts in the Vulnerability Management workbenches in the classic interface and workbench APIs than what is seen on the Dashboards, Lumin, Explore, and License pages in the new interface. Tenable uses the license count found on the License page in Settings for billing purposes. Note that the workbench APIs will be updated in Q3 of 2022 to reflect the license count in the new interface.

Note: You can use the Licensed advanced search filter to view assets that currently count against your Tenable.io license. For more information, see Filter a Table.

Note: In the Settings > Licenses page in Tenable.io, License Overview and Licensed Assets by Scan Source widgets display real-time counts for different types of licensed assets. The Licensed Assets Trend wizard reflects the total counts for Vulnerability Management, Web Application Scanning, and Container Security licensed assets, available in date ranges you select up until one day prior to present day.

How Assets are Counted

Tenable.io analyzes multiple asset attributes, not just IP addresses, to identify an asset. For more information on how Tenable.io identifies an asset, see the Tenable.io FAQ.

Note: Cloud resource assets are licensed if the asset has a compute terraform resource type and has been scanned within the past 90 days.

Assets are counted towards your license limit depending on how Tenable.io discovers, or sees, the asset. In general, an asset does not count against your license limit unless it has been assessed for vulnerabilities.

Assets Counted Assets Not Counted

Conditions where an asset counts towards your license limit can include:

  • An active scan.
  • An agent scan.
  • An import of asset data that contains information on vulnerabilities (for example, a scan result from Nessus Professional).
  • A connector with Frictionless Assessment.
  • Cloud resource assets are licensed if the asset has a compute terraform resource type and has been scanned within the past 90 days.

  • Host and Web Application Scanning (WAS) asset types are licensed if the last licensed scan was within the past 90 days.

Conditions where an asset does not count towards your license limit can include:

  • A scan configured with the Host Discovery template or configured to use only the discovery plugins.
  • An import of asset data that does not contain information on vulnerabilities (for example, ServiceNow data).
  • A linked instance of Nessus Network Monitor running in discovery mode.
  • A discovery-only connector, until and unless the asset is scanned for vulnerabilities.

Reclaiming Licenses

Note: When an asset is deleted, it is removed from the Assets page in the Explore section in Tenable.io, and it may take up to 24 hours for the asset deletion to be reflected in the license count.

When Tenable.io reclaims a license, that license becomes available for a different asset. Tenable.io reclaims licenses in the following scenarios:

  • When a licensed asset is deleted or has not been scanned for a period of time, the asset ages out of your license count:

    • If the asset is an Explore asset, then Tenable.io removes the asset from your asset count within 24 hours. All other assets remain on your license count until 90 days after Tenable.io last sees the asset in a scan.

      Note: If an asset is part of a network with an Asset Age Out setting, this setting overrides these default settings. For more information, see View or Edit a Network.

  • If an asset was discovered through connectors and subsequently became licensed, the asset license is reclaimed the day after the asset is terminated. You can observe this event via the connector.

You can monitor licenses that are expected to be reclaimed in your License Information.

Plugins Excluded from the License Limit

The following plugins do not count towards the license limit.

Note: Plugin IDs are static, but Tenable.io occasionally updates plugin names. For the latest information on plugins, see https://www.tenable.com/plugins.

Nessus Plugins set through Discovery Settings

Nessus Plugin ID Family
10180 Port scanners
10335 Port scanners
11219 Port scanners
14274 Port scanners
14272 Port scanners
34220 Port scanners
34277 Port scanners

Nessus Plugins set through Plugins

Nessus Plugin ID Family
45590 General
54615 General
12053 General
11936 General
10287 General
22964 Service Detection
11933 Settings
87413 Settings
19506 Settings
33812 Settings
33813 Settings

Nessus Network Monitor Plugins

Nessus Network Monitor Plugin ID Name
0 Open Ports
12 Host TTL discovered
18 Protocols Information
19 VLAN IDs
20 IPv6 Tunnel Information
113 VXLAN Information
132 Host Attribute Enumeration