Cloud Sensors
By default, Tenable provides regional cloud sensors for use in Tenable Vulnerability Management. You can select these sensors when you create and launch scans.
The following table identifies each regional cloud sensor and, for allow list purposes, its IP address ranges. These IP address ranges are exclusive to Tenable.
Note: If you use cloud connectors, Tenable recommends allowlisting the IP addresses for the region in which the site resides.
Note: While these IP addresses are for outbound requests, only the tenable.io sensor group IP addresses are used for inbound cloud.tenable.com requests.
Tip: The cloud sensor and IP address information contained in the table below is also provided in JSON format for users that want to parse the data programmatically.
For Cloud IPs associated with Tenable Attack Surface Management, see Cloud Sensors in the Tenable Attack Surface Management User Guide.
- 13.59.250.76/32
Regional cloud sensors appear in the following groups:
- US East Cloud Scanners: A group of scanners from the us-east-1 (Virginia) or the us-east-2 (Ohio) ranges.
- US West Cloud Scanners: A group of scanners from the us-west-1 (California) or the us-west-2 (Oregon) ranges.
- AP Singapore Cloud Scanners: A group of scanners from the ap-southeast-1 (Singapore) range.
- AP Sydney Cloud Scanners: A group of scanners from the ap-southeast-2 (Sydney) range.
- AP Tokyo Cloud Scanners: A group of scanners from the ap-northeast-1 (Tokyo) range.
- CA Central Cloud Scanners: A group of scanners from the ca-central-1 (Canada) range.
- EU Frankfurt Cloud Scanners: A group of scanners from the eu-central-1 (Frankfurt) range.
- UK Cloud Scanners: A group of scanners from the eu-west-2 (London) range.
- Brazil Cloud Scanners: A group of scanners from the sa-east-1 (São Paulo) range.
- India Cloud Scanners: A group of scanners from the ap-south-1 (Mumbai) range.
- Amazon GOV-CLOUD: A group of scanners available for Federal Risk and Authorization Management Program (FedRAMP) environments.
- US Cloud Scanner: A group of scanners from the following AWS ranges:
us-east-1 (Virginia)
us-east-2 (Ohio)
us-west-1 (California)
us-west-2 (Oregon)
- APAC Cloud Scanners: A group of scanners from the following AWS ranges:
- ap-northeast-1 (Tokyo)
- ap-southeast-1 (Singapore)
ap-southeast-2 (Sydney)
ap-south-1 (Mumbai)
- EMEA Cloud Scanners: A group of scanners from the following AWS ranges:
- eu-west-1 (Ireland)
- eu-west-2 (London)
eu-central-1 (Frankfurt)
me-central-1 (UAE)
- UAE Cloud Scanners: A group of scanners from the me-central-1 range.
Note: If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.
Tenable FedRAMP Moderate Cloud Sensors
-
For cloud based network scans, add the following IP ranges to your allow list:
-
3.32.43.0 - 3.32.43.31 (3.32.43.0/27)
-
3.31.100.0/24
-
2600:1f12:98d:c900::/56
-
-
For internal scanner or agent communications, add the following IP ranges to your allow list:
- 52.61.37.84
- 15.200.117.191
-
172.65.64.208
-
172.65.64.209
-
172.65.64.210
-
172.65.64.211
-
2606:4700:78::120:0:1200
-
2606:4700:78::120:0:1201
-
2606:4700:78::120:0:1202
-
2606:4700:78::120:0:1203