Class - Incomplete IP identified Device

PaulSylo · ‎09-03-2024

Hi all -

I see nearly 30K are under this incomplete IP-identified devices class and the source of these is from "Rapid7". I

I tried to compare the Rapid7 range and discovery schedules. but I am unable to move forward on this,. I am trying to understand this issue and rectify my CI lookups but I have had no results. any understanding of this class and how to proceed further.

Regards,
PaulSylo

Kindly mark "helpful", if this helps, or Mark as "Accepted " if it solves your issues !

Eliz Skogquist · ‎09-04-2024

Hi Paul,

The Incomplete IP Devices tend to be those that come from an unauthenticated scan and can essentially only report back the IP. If you are not using an IP CI Lookup rule, due to challenges with dynamic IPs, then many times these do not get connected to a CI. One item to note: if these assets have vulnerabilities, often times the Assignment Rules are driven by classification types from the Classification Rules on the vulnerabilities, and will align with an assignment and still get assigned. If those Assignment Groups can place the IP, then remediation can still occur. For additional understanding on Incomplete IP Devices, take a look at Chris McDevitt's post: https://www.servicenow.com/community/secops-forum/white-paper-incomplete-ip-identified-devices-and-w... .

PaulSylo · ‎11-13-2024

Thanks @Eliz Skogquist this is very useful whitepaper, i will check this and let you know

Regards,
PaulSylo

Kindly mark "helpful", if this helps, or Mark as "Accepted " if it solves your issues !