Class - Incomplete IP identified Device
						
					
					
				
			
		
	
			
	
	
	
	
	
09-03-2024 02:22 PM
Hi all -
I see nearly 30K are under this Incomplete IP Identified Device class, and the source of these is "Rapid7".
I tried to compare the Rapid7 range and discovery schedules, but I am unable to move forward on this. I am trying to understand this issue and rectify my CI lookups, but I have had no results. Any understanding of this class and how to proceed further?
PaulSylo
Kindly mark "helpful", if this helps, or Mark as "Accepted " if it solves your issues !
09-04-2024 01:07 PM
Hi Paul,
The Incomplete IP Devices tend to be those that come from an unauthenticated scan and can essentially only report back the IP. If you are not using an IP CI Lookup rule, due to challenges with dynamic IPs, then many times these do not get connected to a CI. One item to note: if these assets have vulnerabilities, oftentimes the Assignment Rules are driven by classification types from the Classification Rules on the vulnerabilities, and will align with an assignment and still get assigned. If those Assignment Groups can place the IP, then remediation can still occur. For additional understanding of Incomplete IP Devices, take a look at Chris McDevitt's post: https://www.servicenow.com/community/secops-forum/white-paper-incomplete-ip-identified-devices-and-w... .
11-13-2024 09:02 AM
Thanks @Eliz Skogquist, this is a very useful whitepaper. I will check this and let you know.
PaulSylo
