Skip to main content
This section lists the frequently asked questions on using Vulnerability Scanner via Tenable.

LevelBlue Vulnerability Management Scanning

Is the LevelBlue Vulnerability Scanner replacing the Tenable.io BlueApp?
No. The Tenable.io BlueApp uses a separate Tenable account, and is not fully integrated with LevelBlue USM. Asset group scans, authenticated scans, and other native USMA workflows are only supported through LevelBlue Vulnerability Scanner.
Can the LevelBlue Vulnerability Scanner coexist with Tenable.io BlueApp?
Yes, but this may result in duplicate security data.
Can I use jOVAL and LevelBlue Vulnerability Scanner at the same time?
No. Enabling LevelBlue Vulnerability Scanner disables the jOVAL scanner.
Will existing scheduled scans be preserved?
No. All custom scheduled scan jobs must be recreated in the USMA Scheduler. There is no automated migration.
Will existing asset credentials still work?
Yes. The credential manager remains unchanged.
Which scan actions are deprecated?
Debug scan actions for assets and asset groups have been deprecated.
Can I access scan results in the Tenable portal?
Yes, but it is optional. Scan results and vulnerabilities are imported into LevelBlue USM automatically.
How do I log into the Tenable portal?
After the initial configuration, you will receive an email with the portal link, username, and password. Additional user accounts will have to be provisioned in the Tenable portal.
Save your Tenable username. It is required for USMA Technical Support and is tied to your USMA domain.
Which user roles can configure the scanner and settings in LevelBlue USM?
Only users with the USMA Manager role.
What data regions are supported?
The following regions are supported: Australia, Brazil, Canada, European Union, India, Japan, Singapore, United Kingdom, and United States.

Tenable Vulnerability Scanner

Why is LevelBlue switching from jOVAL to Tenable?
The Tenable integration delivers improved scan quality, greater deployment flexibility, stronger vulnerability tracking, and long-term cost efficiency compared to the legacy built-in scanner.
What are the key benefits of the Tenable integration?
Customers get flexible deployment options, improved vulnerability detection, access to their own Tenable portal, and more comprehensive visibility into risk.
Is the scanner included with my USM Anywhere subscription?
Yes. The Tenable scanner is included at no additional cost for USM Anywhere customers.
Can I still use the jOVAL scanner?
The jOVAL scanner will be retured on 01 April 2026. Customers should plan to transition to the Tenable integration before that date.
How is the Tenable scanner different from the previous scanner?
The Tenable scanner runs as a separate application deployed in your environment rather than being embedded directly in the USM sensor.
What deployment method is recommended?
The Tenable Core virtual appliance is recommended to reduce environmental issues and simplify installation.
What are the minimum system requirements?
Your system should have at least 4 CPU cores and 8GB of RAM.
For best performance, 8 cores and 16GB of RAM are recommended.
Where else can I install the scanner?
LevelBlue supports scanner installations on Windows, macOS, and Linux. Other platforms may be supported by Tenable, but are not supported by LevelBlue.
What operating system does the Tenable virtual appliance use?
The Tenable-provided virtual appliance runs on Oracle Linux 9.
What ports does the scanner use?
Port 8000 is used for OS-level management; while port 8834 is used for Nessus scanner interface.
How long does the scanner initialization take?
Initial setup can take up to 20 minutes while plugins download. Scans should only be started after plugin updates are completed.
Can I scan across different regions?
Yes, cross-region scanning is supported. Region selection only determines where scan data is stored.
What firewall rules are needed?
The scanner initiates outbound connections over port 443 to Tenable cloud services. It must be able to reach the systems being scanned on their required ports.
Does the scanner require inbound connections?
No. All scanner communication is initiated outbound.
How do I get started with the integration?
Enable the LevelBlue Vulnerability Scanner Powered by Tenable BlueApp in USM Anywhere. Select a region, provide an email address, and then follow the instructions provided to deploy the scanner.
Can I change my domain information after the initial configuration?
No. Domain information cannot be changed after the initial setup.
Do I need to configure scanner groups?
No. Scanner groups are only needed in advanced scenarios where a single scanner cannot complete scans within the required time window.
Do I need to configure networks?
No. Network configuration is only required when scanning overlapping IP address spaces, which is uncommon.
What types of scans are available?
Authenticated scans, asset-based scans, group-based scans, scheduled scans, and event-triggered scans are supported.
What scan templates are available from USM Anywhere?
Basic Network Scan is recommended. Advanced Network Scan is also available, and uses similar defaults.
What other scan templates are available in Tenable?
Additional templates include host discovery, policy compliance audits, and targeted scans for specific vulnerabilities.
Can I scan public IP addresses?
Yes. Public IPs can be scanned using Tenable cloud scanners.
Are there license limits for scanning?
No, there are no license limits for private IP scanning. However, individual scan jobs are limited to 8,192 assets per batch.
Should I use cloud or internal scanners?
Use internal scanners for internal networks and cloud scanners for external-facing assets.
What authentication methods are supported?
SSH key-based authentication and password-based authentication are supported. Scans attempt the least-privilege access when full privileges are unavailable.
What information do vulnerability results include?
Results include CVE IDs, severity, CVSS scores, vulnerability descriptions, and remediation guidance. Some findings may not be tied to a CVE.
Where can I view the scan results?
Scan results appear in the platform where the scan is launched. Scans that have been launched from USM Anywhere are visible in USM Anywhere; while scans that have been launched in Tenable are available in the Tenable portal.
Can I access the Tenable portal directly?
Yes. Customers will receive access to their own Tenable tenant, and can log in directly at http://cloud.tenable.com.
What can I do in the Tenable portal?
You can manage users, review scan results, configure settings, run scans, and explore additional Tenable capabilities.
How are scanner updates handled?
Scanner updates are delivered automatically from the Tenable cloud. OS updates are not automatic by default, and may require configuration and a reboot, depending on your setup.
How do I check the CVE coverage?
CVE coverage, including newly-released and in-progress vulnerability checks, can be reviewed on the public Tenable Plugins page.
Is the Tenable scanner FedRAMP authorized?
The included scanner is not FedRAMP authorized. Tenable offers a separate FedRAMP-compliant solution for customers with those requirements.
How are audit logs maintained?
Activity and audit logs are maintained within the Tenable portal and can be collected into USM Anywhere for long-term storage and analysis.