Cloud Sensors

By default, Tenable provides regional cloud sensors for use in Tenable Vulnerability Management. You can select these sensors when you create and launch scans.

The following table identifies each regional cloud sensor and, for allow list purposes, its IP address ranges. These IP address ranges are exclusive to Tenable.

Tenable Vulnerability Management

Note: If you use cloud connectors, Tenable recommends allowlisting the IP addresses for the region in which the site resides.

Note: While these IP addresses are for outbound requests, they are also used for inbound cloud.tenable.com requests.

Tip: The cloud sensor and IP address information contained in the table below is also provided in JSON format for users that want to parse the data programmatically.

For Cloud IPs associated with Tenable Attack Surface Management, see Cloud Sensors in the Tenable Attack Surface Management User Guide.

Tip: Add the following for internal scanner or agent communications:

  • 162.159.129.83/32
  • 162.159.130.83/32
  • 162.159.140.26/32

  • 172.66.0.26/32

  • 2606:4700:7::1a

  • 2a06:98c1:58::1a

  • 2606:4700:7::a29f:8153
  • 2606:4700:7::a29f:8253
  • *.cloud.tenable.com with the wildcard character (*) to allow cloud.tenable.com and all subdomains, such as sensor.cloud.tenable.com
Note: For troubleshooting Tenable Web App Scanning issues with Tenable Support, you may be asked to add the following IP range to your allow list:
  • 13.59.250.76/32

Regional cloud sensors appear in the following groups:

  • US East Cloud Scanners: A group of scanners from the us-east-1 (Virginia) or the us-east-2 (Ohio) ranges.
  • US West Cloud Scanners: A group of scanners from the us-west-1 (California) or the us-west-2 (Oregon) ranges.
  • AP Singapore Cloud Scanners: A group of scanners from the ap-southeast-1 (Singapore) range.
  • AP Sydney Cloud Scanners: A group of scanners from the ap-southeast-2 (Sydney) range.
  • AP Tokyo Cloud Scanners: A group of scanners from the ap-northeast-1 (Tokyo) range.
  • CA Central Cloud Scanners: A group of scanners from the ca-central-1 (Canada) range.
  • EU Frankfurt Cloud Scanners: A group of scanners from the eu-central-1 (Frankfurt) range.
  • UK Cloud Scanners: A group of scanners from the eu-west-2 (London) range.
  • Brazil Cloud Scanners: A group of scanners from the sa-east-1 (São Paulo) range.
  • India Cloud Scanners: A group of scanners from the ap-south-1 (Mumbai) range.
  • Amazon GOV-CLOUD: A group of scanners available for Federal Risk and Authorization Management Program (FedRAMP) environments.
  • US Cloud Scanner: A group of scanners from the following AWS ranges:
    • us-east-1 (Virginia)

    • us-east-2 (Ohio)

    • us-west-1 (California)

    • us-west-2 (Oregon)

  • APAC Cloud Scanners: A group of scanners from the following AWS ranges:
    • ap-northeast-1 (Tokyo)
    • ap-southeast-1 (Singapore)
    • ap-southeast-2 (Sydney)

    • ap-south-1 (Mumbai)

  • EMEA Cloud Scanners: A group of scanners from the following AWS ranges:
    • eu-west-1 (Ireland)
    • eu-west-2 (London)
    • eu-central-1 (Frankfurt)

Note: If you are connecting to Tenable Vulnerability Management through Tenable Nessus scanners, Tenable Nessus Agents, Tenable Web App Scanning scanners, or Tenable Nessus Network Monitors (NNM) located in mainland China, you must connect through sensor.cloud.tenablecloud.cn instead of sensor.cloud.tenable.com.