> ## Documentation Index
> Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt
> Use this file to discover all available pages before exploring further.

# LevelBlue Vulnerability Scanner FAQs

This section lists the frequently asked questions on using Vulnerability Scanner via Tenable.

### LevelBlue Vulnerability Management Scanning

<Accordion title="Frequently Asked Questions">
  > *Is the LevelBlue Vulnerability Scanner replacing the Tenable.io BlueApp?*

  No. The Tenable.io BlueApp uses a separate Tenable account, and is not fully integrated with LevelBlue USM. Asset group scans, authenticated scans, and other native USMA workflows are only supported through LevelBlue Vulnerability Scanner.

  > *Can the LevelBlue Vulnerability Scanner coexist with Tenable.io BlueApp?*

  Yes, but this may result in duplicate security data.

  > *Can I use jOVAL and LevelBlue Vulnerability Scanner at the same time?*

  No. Enabling LevelBlue Vulnerability Scanner disables the jOVAL scanner.

  > *Will existing scheduled scans be preserved?*

  No. All custom scheduled scan jobs must be recreated in the USMA Scheduler. There is no automated migration.

  > *Will existing asset credentials still work?*

  Yes. The credential manager remains unchanged.

  > *Which scan actions are deprecated?*

  Debug scan actions for assets and asset groups have been deprecated.

  > *Can I access scan results in the Tenable portal?*

  Yes, but it is optional. Scan results and vulnerabilities are imported into LevelBlue USM automatically.

  > *How do I log into the Tenable portal?*

  After the initial configuration, you will receive an email with the portal link, username, and password. Additional user accounts will have to be provisioned in the Tenable portal.

  <Tip>
    Save your Tenable username. It is required for USMA Technical Support and is tied to your USMA domain.
  </Tip>

  > *Which user roles can configure the scanner and settings in LevelBlue USM?*

  Only users with the USMA Manager role.

  > *What data regions are supported?*

  The following regions are supported: Australia, Brazil, Canada, European Union, India, Japan, Singapore, United Kingdom, and United States.
</Accordion>

***

### Tenable Vulnerability Scanner

<AccordionGroup>
  <Accordion title="General & Overview">
    > *Why is LevelBlue switching from jOVAL to Tenable?*

    The Tenable integration delivers improved scan quality, greater deployment flexibility, stronger vulnerability tracking, and long-term cost efficiency compared to the legacy built-in scanner.

    > *What are the key benefits of the Tenable integration?*

    Customers get flexible deployment options, improved vulnerability detection, access to their own Tenable portal, and more comprehensive visibility into risk.

    > *Is the scanner included with my USM Anywhere subscription?*

    Yes. The Tenable scanner is included at no additional cost for USM Anywhere customers.

    > *Can I still use the jOVAL scanner?*

    The jOVAL scanner will be retured on 01 April 2026. Customers should plan to transition to the Tenable integration before that date.
  </Accordion>

  <Accordion title="Deployment & Installation">
    > *How is the Tenable scanner different from the previous scanner?*

    The Tenable scanner runs as a separate application deployed in your environment rather than being embedded directly in the USM sensor.

    > *What deployment method is recommended?*

    The Tenable Core virtual appliance is recommended to reduce environmental issues and simplify installation.

    > *What are the minimum system requirements?*

    Your system should have at least 4 CPU cores and 8GB of RAM.

    <Tip>
      For best performance, 8 cores and 16GB of RAM are recommended.
    </Tip>

    > *Where else can I install the scanner?*

    LevelBlue supports scanner installations on Windows, macOS, and Linux. Other platforms may be supported by Tenable, but are not supported by LevelBlue.

    > *What operating system does the Tenable virtual appliance use?*

    The Tenable-provided virtual appliance runs on Oracle Linux 9.

    > *What ports does the scanner use?*

    Port 8000 is used for OS-level management; while port 8834 is used for Nessus scanner interface.

    > *How long does the scanner initialization take?*

    Initial setup can take up to 20 minutes while plugins download. Scans should only be started after plugin updates are completed.

    > *Can I scan across different regions?*

    Yes, cross-region scanning is supported. Region selection only determines where scan data is stored.
  </Accordion>

  <Accordion title="Network & Firewall Requirements">
    > *What firewall rules are needed?*

    The scanner initiates outbound connections over port 443 to Tenable cloud services. It must be able to reach the systems being scanned on their required ports.

    > *Does the scanner require inbound connections?*

    No. All scanner communication is initiated outbound.
  </Accordion>

  <Accordion title="Configuration & Setup">
    > *How do I get started with the integration?*

    Enable the LevelBlue Vulnerability Scanner Powered by Tenable BlueApp in USM Anywhere. Select a region, provide an email address, and then follow the instructions provided to deploy the scanner.

    > *Can I change my domain information after the initial configuration?*

    No. Domain information cannot be changed after the initial setup.

    > *Do I need to configure scanner groups?*

    No. Scanner groups are only needed in advanced scenarios where a single scanner cannot complete scans within the required time window.

    > *Do I need to configure networks?*

    No. Network configuration is only required when scanning overlapping IP address spaces, which is uncommon.
  </Accordion>

  <Accordion title="Scanning Capabilities">
    > *What types of scans are available?*

    Authenticated scans, asset-based scans, group-based scans, scheduled scans, and event-triggered scans are supported.

    > *What scan templates are available from USM Anywhere?*

    Basic Network Scan is recommended. Advanced Network Scan is also available, and uses similar defaults.

    > *What other scan templates are available in Tenable?*

    Additional templates include host discovery, policy compliance audits, and targeted scans for specific vulnerabilities.

    > *Can I scan public IP addresses?*

    Yes. Public IPs can be scanned using Tenable cloud scanners.

    > *Are there license limits for scanning?*

    No, there are no license limits for private IP scanning. However, individual scan jobs are limited to 8,192 assets per batch.

    > *Should I use cloud or internal scanners?*

    Use internal scanners for internal networks and cloud scanners for external-facing assets.

    > *What authentication methods are supported?*

    SSH key-based authentication and password-based authentication are supported. Scans attempt the least-privilege access when full privileges are unavailable.

    > *What information do vulnerability results include?*

    Results include CVE IDs, severity, CVSS scores, vulnerability descriptions, and remediation guidance. Some findings may not be tied to a CVE.

    > *Where can I view the scan results?*

    Scan results appear in the platform where the scan is launched. Scans that have been launched from USM Anywhere are visible in USM Anywhere; while scans that have been launched in Tenable are available in the Tenable portal.
  </Accordion>

  <Accordion title="Customer Portal Access">
    > *Can I access the Tenable portal directly?*

    Yes. Customers will receive access to their own Tenable tenant, and can log in directly at [http://cloud.tenable.com](http://cloud.tenable.com).

    > *What can I do in the Tenable portal?*

    You can manage users, review scan results, configure settings, run scans, and explore additional Tenable capabilities.
  </Accordion>

  <Accordion title="Updates & Maintenance">
    > *How are scanner updates handled?*

    Scanner updates are delivered automatically from the Tenable cloud. OS updates are not automatic by default, and may require configuration and a reboot, depending on your setup.
  </Accordion>

  <Accordion title="CVE Coverage">
    > *How do I check the CVE coverage?*

    CVE coverage, including newly-released and in-progress vulnerability checks, can be reviewed on the public [Tenable Plugins](https://www.tenable.com/cve) page.
  </Accordion>

  <Accordion title="Compliance & Security">
    > *Is the Tenable scanner FedRAMP authorized?*

    The included scanner is not FedRAMP authorized. Tenable offers a separate FedRAMP-compliant solution for customers with those requirements.

    > *How are audit logs maintained?*

    Activity and audit logs are maintained within the Tenable portal and can be collected into USM Anywhere for long-term storage and analysis.
  </Accordion>
</AccordionGroup>
