Replacing Asset_ID with cmdb_ci in detection key has significantly lowered the number of VIs

JamesNicol_1
Tera Contributor

Replacing Asset_ID with cmdb_ci in the detection key has significantly lowered the number of vulnerable items imported.

We have a Tenable.sc scanner integration. We changed the detection key from the out-of-the-box detection key that included Asset_ID as one of the elements. The Asset_ID is the combination of (FQDN+IP Address+Repo_ID).

Before we made this change, we had more than 1 million VITs. After making the change, we now have fewer than 20K. We are looking to change it back to the default detection key, but I would like to know why making this change lowered the number of imported vulnerable items so much.

2 REPLIES

Abhay Kumar1
Giga Sage

@JamesNicol_1 Changing the detection key from Asset_ID (which combines FQDN, IP Address, and Repo_ID) to only cmdb_ci would drastically lower the number of vulnerable items imported because of how these keys match assets between Tenable and ServiceNow.

Thanks for the response Abhay. Can you please explain how the matching process works?