Tenable.sc duplicate detections

nancym
ServiceNow Employee

Hi, team! Customer question: "We are using Tenable.sc as our scanner (plugin ver. 3.6.4).  We are seeing some detections associated to Vulnerable Items like this:

VIT0113003

nancym_0-1699391558551.png

 

 

We have the detections come in with much of the same information but it seems like there are duplicates.  They all matched on MAC Address and with the two that have the same IP address (10.20.15.100) the only difference is one had a FQDN attached to it and the other did not.  When resolving these vulnerabilities via patching the one with the FQDN was auto-resolved but the one missing the FQDN did not automatically resolve.  We have had to turn on the auto-close stale detections to resolve this issue otherwise the detections would remain open forever and the Vulnerable Item would not report as fixed.  On the other hand auto-closing stale detections is skewing our reporting as we have some assets that only get turned on when needed and thus do not get scanned frequently so the vulnerabilities would report as Closed Stale in this situation but still be vulnerable."

 

Is this likely because they don't have the CI matching working properly? How should I troubleshoot this?

thank you,

Nancy