Concurrency Limiting

There are maximum limits for concurrent export requests. Tenable Vulnerability Management applies these limits on concurrent exports to ensure that all customers experience the same level of service. You can have a maximum of ten or three active concurrent export requests per Vulnerability Management customer instance or container depending on which endpoint you are using. Additionally, there is a maximum limit for concurrent scans. You can have a maximum of 25 active scans per Vulnerability Management customer instance or container.

If you submit an API request after you reach the concurrency limit, Vulnerability Management returns an HTTP response message with a 429 (Too Many Requests) status code. The response also includes a retry-after header element that specifies the number of seconds to wait before retrying.

Contact your Tenable representative if you have further questions regarding concurrent exports or concurrent scans.

Example Response Header

connection:keep-alive 
content-length:580 
content-type:text/html
date:Wed, 24 Oct 2018 17:13:43 GMT 
retry-after:30 
server:tenable.io
strict-transport-security:max-age=63072000; includeSubDomains
x-content-type-options:nosniff
x-gateway-site-id:nginx-router-b-eng-us-east-1.dcld
x-path-handler:tenable-io-plugins-plugin

Concurrent Export Limits

The following table outlines the concurrency limits for specific Vulnerability Management export endpoints.

LimitAffected Endpoints
Ten concurrent exports per container. Vulnerability Management also prevents duplicate exports from running concurrently. For example, export requests with the same filters.
Three concurrent requests per Vulnerability Management customer instance.

Note: This limit is subject to change.

Concurrent Active Scan and Scan Processing Limits

The following table outlines the concurrency limit for active scans and scan processing in Vulnerability Management. An active scan is defined as any Vulnerability Management or web application scan not in a completed, stopped, empty, imported, aborted, or canceled status. For a full list of scan statuses, see Scan Status. Additionally, this limit includes the processing of agent scan data.

LimitAffected Endpoint
25 active scans (including agent processing) per container.

Note: To get the count of active scans in your container, use the Get scan count endpoint with the query parameter active set to true.