Scan Limitations

The following table describes scanning limitations in Tenable Vulnerability Management:

Limitation Description
Targeted IP addresses or hostnames per assessment scan Tenable Vulnerability Management limits the number of IP addresses or hostnames you target with a single assessment scan (for more information, see Discovery Scans vs. Assessment Scans). The host target limit is 10 times your organization's licensed asset count.

For example, if your organization has a licensed asset count of 1,000, Tenable Vulnerability Management does not allow you to target more than 10,000 hostnames or IP addresses in a single assessment scan. If you exceed the limit, Tenable Vulnerability Management aborts the scan.

Targeted IP addresses or hostnames per discovery scan

Tenable Vulnerability Management limits the number of IP addresses or hostnames you target with a single discovery scan (for more information, see Discovery Scans vs. Assessment Scans). The host target limit is 1,000 times your organization's licensed asset count.

For example, if your organization has a licensed asset count of 1,000, Tenable Vulnerability Management does not allow you to target more than 1,000,000 hostnames or IP addresses in a single discovery scan. If you exceed the limit, Tenable Vulnerability Management aborts the scan.

Host scan results per scan Tenable Vulnerability Management limits the number of live hosts for which a single scan can generate scan results for. The live host scan results limit is 1.1 times your organization's licensed asset count.

For example, if your organization has a licensed asset count of 1,000, Tenable Vulnerability Management does not allow you to generate scan results for more than 1,100 live hosts from a single scan. If you exceed the limit, Tenable Vulnerability Management aborts the scan. Tenable Vulnerability Management does not apply the live host scan result limit to discovery scans.

Tenable Vulnerability Management also limits the number of dead hosts for which a single scan can generate scan results for. The dead host scan results limit is 100 times your organization's licensed asset count.

For example, if your organization has a licensed asset count of 1,000, Tenable Vulnerability Management does not allow you to generate scan results for more than 100,000 dead hosts from a single scan. If you exceed the limit, Tenable Vulnerability Management aborts the scan.

Targeted IP addresses or ranges per scan You cannot specify more than 300,000 comma-separated IP addresses or ranges when configuring a scan’s targets.
Active scans You cannot have more than 25 scans running in your container simultaneously.
Scan chunks

Tenable Vulnerability Management limits scan chunks to 10,000 hosts or 150,000 findings. If a scan chunk exceeds either value, Tenable Vulnerability Management does not process the scan and eventually aborts it.

Note: This limits items like MDM assessments, importing Nessus files, and very large Auto Discovery scenarios like VMware to individual scans with less than 10,000 assessed targets.
Scan configurations Tenable Vulnerability Management limits the number of scan configurations you can create to 10,000 scans. Tenable recommends re-using scheduled scans instead of creating new scans. This approach helps to avoid latency issues in the user interface.