Replacing Asset_ID with cmdb_ci in detection key has significantly lowered the number of VI's
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2024 08:06 PM
Replacing Asset_ID with to cmdb_ci in detection key has significantly lowered the number of vulnerable items imported.
We have a tenable.sc scanner integration. We change the detection key from the out of the box detection key that included Asset_ID as one of the elements. The Asset_ID is the combination of FQDN+IP Address Repo_ID).
Before we made this change, we had more than 1 million vits. After making the change, we now have less than 20K. We are looking to change it back to the default detection key but I would like to know why did making this change lowered the number of imported vulnerable items so much?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-03-2024 09:24 PM
@JamesNicol_1 Changing the detection key from Asset_ID (which combines FQDN, IP Address, and Repo_ID) to only cmdb_ci would drastically lower the number of vulnerable items imported because of how these keys match assets between Tenable and ServiceNow.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-04-2024 03:33 AM
Thanks for the response Abhay. Can you please explain how the matching process works?
