Why are some vulnerable items getting created and some are not for the same CI?

Dommer
Tera Contributor

Hi all,

Can someone explain the process of how Vulnerable Items get created and what tables are referenced? I have 3 VITs all with the same CI, but we know Tenable.io found more vulnerabilities for that CI. I can see the vulnerabilities in the third-party entries table, populated with data, but there's no VIT for them. The discovered item is there for the CI and clearly is finding a match with a CI lookup rule. All the data is populating, so why is VR creating only some VITs and not all of them for this CI? This is just one example, but it's happening with other matching CIs.

Thanks,

6 REPLIES

Hi @Natascha deJ,

Were you able to figure out this issue?
I am currently stuck on the same issue.
Thank you

Hi!
SN support was quite unclear about the issue. They mentioned that family id '28' would be "of compliance type" and therefore should be excluded. However, after checking Tenable.io family ids, that did not seem to make sense for us. In the Tenable VM manual it says you can check the family ids in the plugin table, and we found this article that helps you pull up the family ids and their labels: List plugins in family (ID)
You can use that to check within your own instance.

We decided to comment out the exclusion part. That can be found in the TenableIOVulnerabilityProcessor script include, in the _handleTPE function. We commented out this part:

        if (payload.family_id == "39") {
            vulnInfo.ignoreTPE = true;
            return vulnInfo;
        }

For us this led to the desired result of the missing vulnerabilities being created, and we have not noticed any adverse effects so far.

FYI, SN mentioned that with the next release they will have revamped this code entirely, where they configure it with a system property which would allow you to set which IDs are excluded. We decided not to wait for that, and will move back to out of the box once this update is here.
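
Added example, not part of the original posts and not ServiceNow's code: a stand-alone JavaScript sketch of the family-id exclusion quoted above, generalized to a comma-separated list, that reports per CI which detections would be skipped and which would become VITs. Only `family_id` and `ignoreTPE` come from the quoted snippet; the function names, the `ci` and `plugin_id` fields, and the sample payloads are assumptions constructed for illustration.

```javascript
// Added illustration; only `family_id` and `ignoreTPE` appear in the thread.
// All other names and the sample data below are hypothetical.

// Parse a comma-separated value such as "39, 28" into a Set of id strings.
function parseExcludedFamilies(propertyValue) {
  return new Set(
    String(propertyValue || "")
      .split(",")
      .map((id) => id.trim())
      .filter((id) => id.length > 0)
  );
}

// Same decision as the quoted check, for a list of ids. The id is normalized
// to a string because the quoted code uses == "39", which also matches a
// numeric 39 in the payload.
function classify(payload, excluded) {
  const family = String(payload.family_id);
  return { ignoreTPE: excluded.has(family), family: family };
}

// Group detections per CI into "created" (a VIT would follow) and "skipped",
// so skipped family ids can be compared with detections that have no VIT.
function auditPayloads(payloads, excluded) {
  const report = {};
  for (const p of payloads) {
    if (!report[p.ci]) {
      report[p.ci] = { created: [], skipped: [] };
    }
    const result = classify(p, excluded);
    const bucket = result.ignoreTPE ? report[p.ci].skipped : report[p.ci].created;
    bucket.push({ plugin_id: p.plugin_id, family: result.family });
  }
  return report;
}

// Constructed sample payloads (not real scan data).
const SAMPLE = [
  { ci: "srv-app-01", plugin_id: 1001, family_id: "10" },
  { ci: "srv-app-01", plugin_id: 1002, family_id: 39 },
  { ci: "srv-app-01", plugin_id: 1003, family_id: "39" },
  { ci: "srv-db-02", plugin_id: 1004, family_id: "28" },
];

console.log(JSON.stringify(auditPayloads(SAMPLE, parseExcludedFamilies("39")), null, 2));
```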