We have three or four use cases.
The first is enterprise vulnerability management through continuous scanning. Twice a week, every week, we fully authenticate every host in the environment to perform authenticated scans. The caveat there is our mobile workstations, like our Macs or our Windows laptops. We've deployed agents on them and we do those scans daily.
The second use case is baseline adherence. We have tailored, customized, secure baselines for about 40 technologies in the environment and we attest to them once a week: everything from common server versions, to a dozen or more database technologies, to middleware, etc.
Thirdly, we use Tenable.io as our PCI ASV. That's our scanning platform to satisfy some of our PCI controls.
Finally, we also use Tenable.io to perform truly continuous - in the sense that it never stops - unauthenticated scanning at the perimeter.
We use Tenable to monitor many dozens of technologies. For the most part, any database technology you can think of: multiple versions of Windows Server, Windows 10 on the workstation, High Sierra and Mojave for macOS, a bunch of different networking technologies. The list goes on.