Vulnerability Management

Solution Overview provides the industry's most comprehensive vulnerability coverage with the ability to predict which security issues to remediate first.

The IT landscape is changing,and your security strategy needs to change along with it. IT environments today are filled with traditional and modern, dynamic assets. Beyond physical servers, organizations are embracing virtual and cloud assets, which can be deployed quickly as needed, on demand. These elastic assets, including mobile devices and containers, come and go from networks in an instant. Traditional quarterly, monthly or even weekly vulnerability scanning is no longer enough to provide the visibility and security needed as part of a Cyber Exposure program.

Organizations need a modern, comprehensive strategy to quickly and accurately identify vulnerabilities and misconfigurations in their dynamic infrastructures, that delivers clear guidance and recommendations on how to prioritize and remediate any exposures to risk. helps solve today’s toughest vulnerability management challenges. Using an advanced asset identification algorithm, it also provides the most accurate information about dynamic assets and vulnerabilities in ever-changing environments. As a cloud-delivered solution, its intuitive dashboard visualizations, comprehensive risk-based prioritization, and seamless integration with third-party solutions help security teams maximize efficiency and scale for greater productivity. When visibility and insight matter most, this product will helps you focus on the right action every time.

Offers a first-to-market asset-based licensing model that consumes just a single license unit per asset, even if the asset has multiple IP addresses. The solution’s elastic model also continues to permit scanning when license counts are temporarily exceeded and automatically recovers licenses for rarely scanned assets or one-time bursts.

Leverages Nessus Sensors,a mix of active scanners, agents,and passive network monitoring,to help maximize scan coverage across your infrastructure and reduce vulnerability blind spots. This mix of data sensor types helps you include hard-to-scan assets in your vulnerability management program, such as transient devices analyzed by agents, and sensitive systems like industrial control systems which, can be monitored through passive traffic listening.

Provides the ability to track assets and their vulnerabilities more accurately than any other solution in the industry. An advanced asset identification algorithm uses an extensive set of attributes (such as Tenable ID, NetBIOS name, MAC address and many others) to accurately identify and track changes to assets, regardless of how they roam or how long they last.

Prioritizes vulnerabilities based on the probability that it will be leveraged in an attack by combining over 150 data sources, including Tenable and third-party vulnerability and threat data. A proprietary machine learning algorithm is used to identify vulnerabilities with the highest likelihood of exploitability to help you focus first on the security issues that matter most to your organization.

Through a modern interface with intuitive dashboard visualizations, makes common tasks, such as configuring scans, running an assessment, and analyzing results, easier than ever. Pre-defined scan templates and configuration audit checks that follow best practices frameworks,such as CIS and DISA STIG,help you protect your organization with a fraction of the effort otherwise needed. Customize your reporting and analysis with pre-configured, out-of-the-box dashboards or quickly build your own from a blank canvas to meet organizational needs.

Enables continuous visibility and assessments into public cloud environments. Cloud Connectors automatically identify assets in Amazon Web Services, Microsoft Azure, and Google Cloud Platform and monitor their status in real-time. Assess cloud environments with Nessus Sensors to detect vulnerabilities, malware, and configuration and compliance issues.

Has pre-built integrations –called “plugins” -available for popular credential management, SIEM, ticketing systems and other complementary solutions, so you can easily build an efficient vulnerability management process. A complete listing can be found here: Additionally, you can easily create your own integrations to by leveraging a fully documented API set and SDK. There is no extra cost to use these tools to maximize the value of your vulnerability data

Tenable provides the vulnerability management industry’s first and only uptime guarantee through a robust service level agreement (SLA) for Service credits are offered if the SLA is not met, just like leading cloud vendors, such as Amazon Web Services.

A PCI-Certified Approved Scanning Vendor (ASV) solution that enables merchants and service providers to demonstrate their Internet-facing systems are secure, according to PCI Data Security Standard (PCI DSS) external network vulnerability scanning requirements.

Backed by Tenable Research, delivering world-class Cyber Exposure intelligence, data science insights, alerts, and security advisories. Frequent updates from Tenable Research ensure the latest vulnerability checks, zero-day research, and configuration benchmarks are immediately available to help you secure your organization.


Eliminate Blind Spots

Boost Productivity

Prioritize Cyber Risks

Automate Processes

Maximize ROI

Eliminate Blind Spots. Provides 32% greater vulnerabilitycoverage than competitors, with more than 109,000 plugins across both applications and operating systems.

Boost Productivity. Take advantage of the SaaS-based solution to run yourinitial assessments in less than 5 minuteswithout the IT hardware or maintenance burden.

Prioritize Cyber Risks. Reduce the number of vulnerabilities requiring immediate attention by up to 97% with Predictive Prioritization.

Automate Processes. Leverage a fully documented API and pre-built integrations to import third-party data, automate scans, and share data with your IT systems.

Maximize ROI. Eliminate double-or triple-counting of assets that have multiple IP addresses with the industry’s first asset-based licensing model. System Requirements

Display Settings

Minimum screen resolution: 1440 x 1024

Supported Browsers

  • Google Chrome (40+)
  • Apple Safari (8+)
  • Mozilla Firefox (38+)
  • Internet Explorer (11+)

2020 Nov

  • IPv6 support: Nessus Agent 8.1.0+ and Nessus Scanner 8.12.0+ now support communicating with using IPv6.
  • TIO UI Performance Improvements: A number of updates have been made recently to the UI to improve the performance and usability of the site. These updates were focused on improving the initial load of the site as well as its responsiveness.

Bug fixes

Fixed an issue with vulnerability workbench where assets with no vulnerabilities were appearing in the By Asset view with "no data" displayed next to them n/a


2020 Oct

  • The Resource Center is now available in It consolidates help documentation, notifications, new releases, and other helpful content in one easy to access location.
  • New user interface enhancements. These changes are designed to allow users to access more information quickly and allow them to more easily assess and manage their vulnerabilities. A few key highlights include:
    • A new custom dashboard experience where you can create new dashboards from scratch or customize dashboards from a template. You can also easily set your preferred default dashboard.
    • Summary snapshot widgets with click-to-apply quick filters were added to key landing pages, including Assets and Vulnerability pages.
    • Redesigned Vulnerability Details page with key information and output details prominently displayed.
    • Ability to easily add a recast rule directly from the vulnerability details page within a specific asset view. You can also edit existing rules from the same page.
    • Quick Action button added to global menu bar, simplifying workflows and giving you quick and easy access to key actions.
  • The release of an Event History feature for the AWS and Azure Cloud Connectors. Event History will give cloud connector users an up to date history of the events going on with their cloud connectors. This will help inform users about their connector status during setup as well as debugging and general health status of their connectors. For more information, see View Connector Event History in the Vulnerability Management User Guide.
  • To improve performance, the Search feature for Hostnames and IPs, on the Asset Affected tab of Vulnerability Details page in the new Interface, was changed to use the "begins with" filtering operator instead of "contains". The "contains" operator continues to be available in the filters on the page.
  • Vulnerability Export public API endpoint will return 30 days worth of data, if no filters or no date based filters are applied. For more information, see the /vulns/export endpoint in the Tenable Developer Portal.
  • New and improved Dashboard Management. With the new dashboard management experience, you can create, edit, duplicate, or delete dashboards from a single place, as well as search dashboards or dashboard templates and also change your default dashboard. For more information, see Manage Dashboards in the Vulnerability Management User Guide.
  • Exporting Assets and VM landing pages. For more information, see Export a Full Dashboard in the Vulnerability Management User Guide.

Bug Fixes

Scan results cannot be accessed in new UI 01074204
Unable to launch scan migrated from classic UI 01070881
Email configuration is missing in new UI 01077241
Plugin details cannot be accessed from scan results 01083195
Disabled schedule scans still launch on classic UI 01091776, 01090684
Fixed issues where the has_agent attribute was not properly applied to the assets. 01051804


  • General availability of Scan Routing feature. Scan routing minimizes the need to select specific scanners for individual scans and reduces the management and configuration overhead of scanning for customers. For more information, see Example: Scan Routing in the Vulnerability Management User Guide.
  • Asset Criticality Score and Asset Exposure Score are now available in the output of the public bulk asset export API
  • New filters for deleted and terminated assets added to the asset workbench UI and public asset export API

Bug fixes .csv exports do not match the output displayed in the UI 01030343
.csv export did not include all hosts 01054578
Importing assets via API doesn't add source consistently 01029210
  • Added the ability to filter vulnerability export API results by plugin id

Big fixes Vulnerability Management Resolved an issue where results of Export API "Is Licensed" filter were not matching results Asset Workbench. After the fix, the asset export API will returned all licensed assets (including recently deleted assets that are licensed) when is_licensed filter is applied 01027750
Scan Exports Missing Assets/Results. Multiple issues and CS tickets related to missing or incomplete data in scan exports were resolved by this fix n/a
This change resolved multiple issues related to intermittent failures of Asset exports via API 01055015
Resolve issues related to difference between vulnerabilities shown in the UI and the ones appearing in data exports 01035296
  • Added support for Hashicorp AD secret store and Hashicorp KV V2 secret store

    For more information on with Hashicorp, see for Hashicorp Vault in the Tenable Integrations Guide.

  • Added a new “Display Unicode characters” setting under Settings/Report to improve the handling of UTF-16 encoded strings encountered in SMB, WMI, and SSL protocols on Windows targets. When enabled, unicode characters appear in plugin output such as usernames, installed application names, and SSL certificate information. For more information, see Report Settings in the Vulnerability Management User Guide.
    Note: Plugin output may sometimes incorrectly parse or truncate strings with unicode characters. If this issue causes problems with regular expressions in plugins or custom audits, disable this setting and scan again.

Bug Fix Vulnerability Management Fixed an issue that caused the "Last Seen" filter with "earlier than" operator on Assets grid to produce unexpected asset data results.

Important Highlights from this Release

  • Added public API support for Solutions in for Lumin customers.
  • Added Asset Criticality Rating (ACR) in the Vulnerability Management pages for Lumin customers. For more information, see Edit an ACR in the Vulnerability Management User Guide.

Important Highlights from this Release

  • VM now has the ability to select which fields appear in the .csv export of vulnerability data.

Important Highlights from this Release

  • Splunk V3.1 - Splunk 8 and python 3 support
  • Tenable for Qradar App
  • Vulnerability Management has updated the way scan results are displayed in the UI. Scan results that are older than 90 days will not be visible in the UI. However, customers will be able to export the older scan results in Nessus and CSV formats from the scan results History tab in the UI, or from the public API. This change is limited to results of individual scans older than 90 days and does not impact workbenches, dashboards, reports and other features of

2020 Jun MSSP Portal 1.0 Release Notes (2020-06-11)

New Features

MSSP Logo Management

  • Enables partners to manage their branding needs by exposing the MSSP Logo Management interface. Includes the ability to view, upload, name & delete logo files in the MSSP Portal, as well as the ability to assign logos to one, many or all customer instances. The logo assigned to a customer instance can be updated or removed at any time.

API Changelog

  • For more information about the API changes for this release, see the change log .

2020 Mar MSSP Portal 1.0 Release Notes (2020-03-24)

New Features

  • View Accounts: View and manage multiple client instances through a single login in the MSSP Portal. On the Accounts page, you can view the customer container name, license information, site information, and custom notes.
  • Single Sign On: Log in to any customer instance via the MSSP Portal, removing the need to manage multiple logins for the same user across multiple customer containers.
  • License Data Display: View license information for customer instances in the MSSP Portal, including allocation and utilization.
  • Custom Notes: Create notes for each customer instance within the MSSP Portal, enabling MSSP Partners to track account contacts or internal naming/account numbering conventions. Use the Search bar to search for specific notes.
  • Search: Search your customer instances in the MSSP Portal to quickly access the account you're looking for. The search bar filters by the customer container name, site name, and/or the custom notes fields.
  • User Management: Create, update, enable, and disable users from the MSSP Portal. This feature is currently limited to administrators for this release.

E-SPIN Value Proposition

E-SPIN have actively promoted Tenable's full range of products and technologies as part of the company Vulnerability Management solution portfolio – for infrastructure, network, server, host and application vulnerability assessment and reporting and Security Management solution portfolio – for security and risk compliance audit and configuration check/reporting. E-SPIN is active in providing consulting, supplying, training and maintaining Tenable products for the enterprise, government and military customers (or distribute and resell as part of the complete package) in the region E-SPIN do business. The enterprise range from university to listed corporation IT security professionals on the vulnerability assessment and penetration testing, security audit, or IT security company on the security operation center (SOC) for configuration security check and audit for security risk compliance or red team / cyber security / cyber warfare / military security defense applications and infrastructure network audit.

Please feel free to contact E-SPIN for your inquiry and requirement, so we can assist you on the exact requirement in the packaged solutions that you may require for your operation or project needs.