Tenable Vulnerability Management Licenses
Your Tenable Vulnerability Management instance has a licensed asset limit, which determines the number of assets you can scan for vulnerabilities. If you exceed your license limit, you can temporarily continue to use Tenable Vulnerability Management to scan your assets before adjusting your license as needed.
You can view your license information to see how many assets are currently being counted against your Tenable Vulnerability Management license. In addition, you can use the Licensed filter on the Assets workbench to view assets that count against your Tenable Vulnerability Management license. For more information, see Asset Filters.
Note: On the Settings > Licenses page in Tenable Vulnerability Management, License Overview and Licensed Assets by Scan Source widgets display real-time counts for different types of licensed assets. The Licensed Assets Trend wizard reflects the total counts for Tenable Vulnerability Management, Tenable Web App Scanning, and Tenable Container Security licensed assets, available in date ranges you select up until one day prior to present day.
How Assets are Counted
Tenable Vulnerability Management analyzes multiple asset attributes, not just IP addresses, to identify an asset. For more information on how Tenable Vulnerability Management identifies an asset, see the Tenable Vulnerability Management FAQ.
Assets are counted towards your license limit depending on how Tenable Vulnerability Management discovers, or sees, the asset. In general, an asset does not count against your license limit unless it has been assessed for vulnerabilities.
Assets Counted | Assets Not Counted |
---|---|
Conditions where an asset counts towards your license limit include:
|
Conditions where an asset does not count towards your license limit include:
|
In general, assets scanned by both network and agent-based scans are not double counted towards your license. Tenable Vulnerability Management determines whether an asset is unique by matching Identification Attributes (IAs) such as Network UUID or Fully Qualified Domain Name (FQDN). For a complete list of Identification Attributes used by Tenable Vulnerability Management, see How Does Tenable Vulnerability Management Identify an Asset as Unique.
Reclaiming Licenses
When an asset is deleted, it is removed from the Assets workbench in the Explore section of Tenable Vulnerability Management. It can take up to 24 hours for the asset deletion to be reflected in your license count.
When Tenable Vulnerability Management reclaims a license, that license becomes available for a different asset. Tenable Vulnerability Management reclaims licenses in the following scenarios:
- When a licensed asset is deleted or has not been scanned for a period of time, the asset ages out of your license count.
-
If the asset is an Explore asset, then Tenable Vulnerability Management removes the asset from your asset count within 24 hours. All other assets remain on your license count until 90 days after Tenable Vulnerability Management last sees the asset in a scan.
Note: If an asset is part of a network with an Asset Age Out setting, this setting overrides these default settings. For more information, see View or Edit a Network.
-
If an asset is discovered through connectors and is then licensed, the asset license is reclaimed the day after the asset is terminated. You can observe this event via the connector.
Plugins Excluded from the License Limit
The following plugins do not count towards your license limit.
Note: Plugin IDs are static, but Tenable Vulnerability Management occasionally updates plugin names. For the latest information on plugins, see Tenable Plugins.
Tenable Nessus Plugins set through Discovery Settings:
Tenable Nessus Plugin ID | Plugin Name |
---|---|
10180 | Ping the remote host |
10335 | Nessus TCP scanner |
11219 | Nessus SYN scanner |
14274 | Nessus SNMP Scanner |
14272 | Netstat Portscanner (SSH) |
34220 | Netstat Portscanner (WMI) |
34277 | Nessus UDP Scanner |
Tenable Nessus Plugins set through Plugins:
Tenable Nessus Plugin ID | Plugin Name |
---|---|
45590 | Common Platform Enumeration (CPE) |
54615 | Device Type |
12053 | Host Fully Qualified Domain Name (FQDN) |
11936 | OS Identification |
10287 | Traceroute Information |
22964 | Service Detection |
11933 | Do not scan printers |
87413 | Host Tagging |
19506 | Nessus Scan Information |
33812 | Port scanners settings |
33813 | Port scanner dependency |
Tenable Nessus Network Monitor Plugins:
Tenable Nessus Network Monitor Plugin ID | Plugin Name |
---|---|
0 | Open Ports |
12 | Host TTL discovered |
18 | Generic Protocol Detection |
19 | VLAN ID Detection |
20 | Generic IPv6 Tunnel Traffic Detection |
113 | VXLAN ID Detection |
132 | Host Attribute Enumeration |